Security News > 2021 > May > TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers
Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service attacks against authoritative DNS servers, a group of researchers warned this week.
Google and Cisco, both of which provide widely used DNS services, have deployed patches for TsuNAME, but the researchers believe many servers are still vulnerable to attacks.
An attacker can abuse recursive resolvers affected by TsuNAME to send a large volume of queries to targeted authoritative servers, such as the ones of TLD operators.
TsuNAME occurs on servers where there is cyclic dependency, a configuration error caused by the NS records for two zones pointing to each other.
"TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers," the researchers explained in a paper detailing the vulnerability.
They also explained in a separate advisory, "Resolvers vulnerable to TsuNAME will send non-stop queries to authoritative servers that have cyclic dependent records. While one resolver is unlikely to overwhelm an authoritative server, the aggregated effect from many looping, vulnerable recursive resolvers may as well do."
News URL
Related news
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) (source)
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)