New DNS vulnerability allows 'nation-state level spying' on companies
2021-08-05 19:31

Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service providers that could allow attackers to access sensitive information from corporate networks.

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," the Wiz researchers said.

To make matters worse, while two of the major DNS providers have already fixed these DNS flaws, others are likely still vulnerable, exposing millions of devices to attacks.

Microsoft, which could tweak the dynamic DNS algorithm that allows Windows endpoints to leak internal network traffic to malicious DNS servers, has already told Wiz that this is not a vulnerability.

Redmond advises using separate DNS names and zones for internal and external hosts to avoid DNS conflicts and network issues, and provides detailed documentation on how to properly configure DNS dynamic updates in Windows.

Companies renting DNS servers can also make changes to block their internal network traffic from leaking via dynamic DNS updates by modifying the default Start-of-Authority record.
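
The SOA check a zone owner could run, as an added example that is not from the article or from Wiz: it flags hosted zones whose SOA primary-server field (MNAME) still names one of the zone's own provider nameservers. It assumes the RFC 2136 behaviour that dynamic-update clients send updates to the SOA MNAME host, and that a provider's default SOA puts its own nameserver there; the zone names, hostnames and function names are constructed for illustration.

```python
# Constructed dig-style records for two hypothetical zones (not from the article).
SAMPLE_RECORDS = """\
corp.example.  900    IN SOA ns-a.dnsprovider.example. hostmaster.corp.example. 1 7200 900 1209600 86400
corp.example.  172800 IN NS  ns-a.dnsprovider.example.
corp.example.  172800 IN NS  ns-b.dnsprovider.example.
lab.example.   900    IN SOA ddns-sink.lab.example. hostmaster.lab.example. 1 7200 900 1209600 86400
lab.example.   172800 IN NS  ns-a.dnsprovider.example.
lab.example.   172800 IN NS  NS-B.dnsprovider.example.
"""


def _norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_zones(text):
    """Return {zone: {"mname": str or None, "ns": set}} from dig-style lines."""
    zones = {}
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()  # strip zone-file comments
        # The record type sits after the owner name and optional TTL/class.
        kind = next((t for t in tokens[1:4] if t.upper() in ("SOA", "NS")), None)
        if kind is None:
            continue
        rdata = tokens[tokens.index(kind, 1) + 1:]
        if not rdata:
            continue  # truncated record, nothing to compare
        zone = zones.setdefault(_norm(tokens[0]), {"mname": None, "ns": set()})
        if kind.upper() == "SOA":
            zone["mname"] = _norm(rdata[0])  # first SOA field is MNAME
        else:
            zone["ns"].add(_norm(rdata[0]))
    return zones


def zones_sending_updates_to_provider(text):
    """Zones whose SOA MNAME is one of their NS hosts (the assumed default)."""
    zones = parse_zones(text)
    return sorted(z for z, rec in zones.items() if rec["mname"] in rec["ns"])


if __name__ == "__main__":
    for zone in zones_sending_updates_to_provider(SAMPLE_RECORDS):
        print(f"{zone}: SOA MNAME is a provider nameserver; review the SOA record")
```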


News URL

https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/