Table of Contents: What is a DNS? What is a DNS Attack? How Do Hackers Use DNS? Types of DNS Attack What is DNSSEC? How to Protect Against a DNS Attack Final Thoughts: DNS Attack What is a DNS? The , is a protocol that translates human-friendly URLs into IP addresses. Think of it as a Domain Name System, or DNS phone book for the Internet. DNS is made up of the following components: an authoritative name server, a recursive server, DNS root server, and a TLD name server. Attackers can use DNS to establish a command and control (C2), which would allow them to gain unauthorized access into a network and be able to exfiltrate data. Image source here What is a DNS Attack? A DNS attack is when a hacker exploits vulnerabilities in the DNS service. The focus of the attack is on the DNS infrastructure itself with either attempting to make the DNS service unavailable or corrupt answers that are usually provided by the DNS server. There are two general types of attacks on DNS: Attacks with the goal of disabling DNS Attacks affecting the DNS response In the upcoming section, I will go into detail about some of the most common types of DNS attacks. How Do Hackers Use DNS? A major issue with the DNS system is the fact that an attacker can replace the authorized IP address of a webpage with a malicious one, therefore, directing users to a rogue website. The users would not have any knowledge of this IP swap as well. Types of DNS Attack DoS and DDoS Attacks A distributed denial of service (DDoS) attack attempts to disrupt the regular traffic of a network or server by bombarding it with unnecessary traffic to overwhelm it and make it unresponsive. A DDoS attack can crash the entire DNS server preventing users from being able to access the web. DNS Hijacking/DNS Redirection Hackers redirect queries to a malicious website and target the DNS record of a webpage on the name server. DNS Poisoning/DNS Spoofing This type of attack occurs when incorrect IP addresses are stored on a DNS cache. For example, instead of directing the user to amazon.com, the invalid DNS cache entry may take users to a phishing site instead that looks the real Amazon webpage. a lot like Here are a few ways on how DNS poisoning attacks may typically begin: Hackers impersonate the DNS name server Hacker makes a request to the DNS resolver The hackers forge a reply to the DNS resolver before the actual DNS name server is able to provide a reply DNS Tunneling This attack utilizes other protocols to pass DNS queries and responses. Hackers may use TCP, HTTP, or SSH to pass malware or exfiltrated information into DNS queries. NXDOMAIN Attack This type of attack is a variant of DDoS and occurs when the DNS server is flooded with queries to non-existent domains, making it impossible for the server to respond to legitimate DNS requests. Phantom Domain Attack This is a type of DoS (denial of service) attack that targets the authoritative name server. When the DNS server does not know an IP address, it will look up the address on other connected DNS servers. The purpose of this attack is to intercept the lookup process and slow down the function of the DNS server. What is DNSSEC? The DNS protocol was not designed with security in mind - hence all of the attacks that were created to exploit vulnerabilities in the DNS system - which was why was created. DNSSEC protects against DNS attacks by digitally signing data to ensure its authenticity and accuracy. It implements hierarchical digital signing across all layers of DNS. DNS Security Extensions (DNSSEC) How to Protect Against a DNS Attack Now that you have an understanding of some of the different DNS attacks, here are a few things that you can do to protect against a DNS attack. Hackers never stop searching for new vulnerabilities to exploit, so it is important to know what you can do to protect yourself from a DNS attack. . If you are using your own resolver, only users within your network should have access Keep your resolver private and protected . Protect your recursive DNS servers from unwanted access and tampering through access controls, DNSSEC, etc. Harden recursive DNS servers . Understand your DNS architecture in order to properly secure it Be familiar with your DNS architecture . Logging and monitoring inbound and outbound queries are beneficial to detecting anomalies Logging and monitoring DNS queries and the response data . This can be done by using a random port instead of the standard port for DNS (UDP port 53), randomizing the query ID, and randomizing the case letters of the domain names that need to be resolved. Configure your DNS to be as secure as possible Final Thoughts: DNS Attack DNS attacks are not new but are becoming more prevalent as hackers are abusing and using DNS servers to accomplish their goals. On , Facebook, Instagram, and WhatsApp were down for a couple of hours, and one of the reasons was because the DNS was not resolving. This is why it is important that you understand what can be done to protect against such attacks. Remember that as DNS attacks are constantly evolving, so does DNS security. You should always be learning about what you can do to stop attackers from using DNS against you. October 4th, 2021

Amazon

Facebook

Instagram

Target

Interested in security? Follow along for content within Cybersecurity

2021 - Top Security Expert

2022 - HackerNoon Contributor of the Year - Cyber Security Awareness

2022 - HackerNoon Contributor of the Year - Facebook

2022 - HackerNoon Contributor of the Year - Instagram

2022 - HackerNoon Contributor of the Year - Security

2022 - HackerNoon Contributor of the Year - Social Media

Nominated for 2022 - HackerNoon Contributor of the Year - Instagram

Nominated for 2022 - HackerNoon Contributor of the Year - Social Media

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Security Awareness

Nominated for 2022 - HackerNoon Contributor of the Year - Facebook

Too Long; Didn't Read

Questions about cloud security? Get answers here.

What is a DNS Attack and How Can You Protect Against It?

What is a DNS Attack and How Can You Protect Against It?

Too Long; Didn't Read

Companies Mentioned

Jessica Truong

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

What is a DNS Attack and How Can You Protect Against It?

Too Long; Didn't Read

Companies Mentioned

Jessica Truong

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES