TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers
Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service attacks against authoritative DNS servers, a group of researchers warned this week.
Google and Cisco, both of which provide widely used DNS services, have deployed patches for TsuNAME, but the researchers believe many servers are still vulnerable to attacks.
An attacker can abuse recursive resolvers affected by TsuNAME to send a large volume of queries to targeted authoritative servers, such as those of TLD operators.
TsuNAME occurs on servers where there is a cyclic dependency, a configuration error in which the NS records for two zones point to each other.
"TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers," the researchers explained in a paper detailing the vulnerability.
They also explained in a separate advisory, "Resolvers vulnerable to TsuNAME will send non-stop queries to authoritative servers that have cyclic dependent records. While one resolver is unlikely to overwhelm an authoritative server, the aggregated effect from many looping, vulnerable recursive resolvers may as well do."
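Zone operators can check their own delegation data for the cyclic dependency described above. The following is an added example, not code from the article or the researchers: the zone names, the `DELEGATIONS` sample and every function name are constructed for illustration. It assumes in-bailiwick name servers come with glue and that names outside the audited set resolve normally.

```python
# Constructed sample (placeholder names): zone -> NS hostnames from the parent.
DELEGATIONS = {  # keys are lowercase and end with a dot
    "alpha.example.": ["ns1.beta.example."],
    "beta.example.": ["ns1.alpha.example."],    # points back at alpha
    "gamma.example.": ["ns1.gamma.example."],   # in-bailiwick name
    "delta.example.": ["ns1.alpha.example."],   # hangs off the cycle
    "eps.example.": ["ns1.beta.example.", "ns.dns-host.test."],  # has a way out
}

def owning_zone(hostname, zones):
    """Longest-match audited zone containing hostname, or None."""
    labels = hostname.lower().rstrip(".").split(".")
    suffixes = (".".join(labels[i:]) + "." for i in range(len(labels)))
    return next((s for s in suffixes if s in zones), None)

def dependency_graph(delegations):
    """Map zone -> one entry per NS name: the zone it depends on, or None."""
    graph = {}
    for zone, ns_names in delegations.items():
        owners = [owning_zone(ns, delegations) for ns in ns_names]
        # Assumption: glue or an outside name means no dependency (None).
        graph[zone] = [None if o in (None, zone) else o for o in owners]
    return graph

def unresolvable_zones(delegations):
    """Zones where every NS name leads into a cyclic dependency."""
    graph = dependency_graph(delegations)
    resolvable, changed = set(), True
    while changed:  # fixpoint: a zone resolves once any one NS name resolves
        changed = False
        for zone, deps in graph.items():
            ok = any(d is None or d in resolvable for d in deps)
            if ok and zone not in resolvable:
                resolvable.add(zone)
                changed = True
    return set(graph) - resolvable

def cycle_members(delegations):
    """Unresolvable zones that can reach themselves, i.e. sit on the loop."""
    graph, stuck = dependency_graph(delegations), unresolvable_zones(delegations)
    def reaches(start, cur, seen):
        return any(d == start or (d not in seen and reaches(start, d, seen | {d}))
                   for d in graph[cur] if d)
    return {z for z in stuck if reaches(z, z, {z})}

if __name__ == "__main__":
    print(sorted(unresolvable_zones(DELEGATIONS)), sorted(cycle_members(DELEGATIONS)))
```

In the sample, `delta.example.` is reported as unresolvable without being on the loop itself, while `eps.example.` stays resolvable because one of its NS names lies outside the cycle.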