DNS: Revising the Current Protocol - PowerPoint PPT Presentation

About This Presentation
Title:

DNS: Revising the Current Protocol

Description:

DNS: Revising the Current Protocol. Matt Gustafson. CS526 December 9, 2002 ... Modify the current DNS so that a site under attack can communicate with the DNS ... – PowerPoint PPT presentation

Slides: 11
Provided by: mattgus
Learn more at: http://cs.uccs.edu
Transcript and Presenter's Notes

1
DNS: Revising the Current Protocol
Matt Gustafson, CS526, December 9, 2002
University of Colorado, Colorado Springs
2
Goal
  • Modify the current DNS so that a site under
    attack can communicate with the DNS server to
    redirect clients through a proxy server

3
Intro to DNS
  • Client queries a local name server through a
    program called the resolver
  • Local Name Server then queries foreign name
    servers until IP address is found
  • Local Name Server returns IP address to client

4
Queries
  • Resolver sends one or more queries to name
    servers
  • Queries are just UDP datagrams
  • Name server responds by either answering the
    question posed in the query, referring the
    requester to another set of name servers, or
    signaling an error

5
Resource Records
  • Name servers answer queries by looking through
    their resource records (RRs) using a program
    called BIND.
  • Resource Records contain (among other things):
    -- owner: the name under which the RR is found
    -- type: the type of resource (host address, name
       of an alias, pointer to another name server, or
       mail exchange info)
    -- TTL: describes how long an RR can be cached
       before it should be discarded

6
RRs (continued)
  • Name servers contain RRs for each machine in
    their name space.
  • There may be several RRs for a particular domain
    name.
  • When queried, they return the matching RRs, or, if
    the desired IP address is not in their name space,
    they return an RR that points toward a name
    server holding the desired information.

7
Solution
  • Add a new value, PROXY, to the type field of the
    resource records
  • Add a completely new field called ALT which
    would contain either a 0 or a 1

8
How it Works
  • The name server would first retrieve all the
    matching RRs
  • Before sending them back to the resolver, it would
    first check whether the ALT bit was set
    (equal to 1)
  • If it was, it would return the IP address listed
    under PROXY
  • If the ALT bit equaled 0, it would return
    the normal IP address

9
Difficulties
  • For this to work, there needs to be a way for a
    machine to notify its name server that it is
    under attack and to set its ALT field in its
    resource record to 1.
  • BIND 9 supports dynamic updates, but since all
    DNS transactions are carried over UDP, an update
    is too easy to forge, so anyone could change RRs.
  • One possible solution: a heartbeat messaging
    system.
  • Each name server would send out a pulse to each
    machine in its name space in a round-robin
    fashion.
  • If a machine did not reply, the name server would
    set the ALT bit in that machine's resource record
    to 1.
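The behaviour proposed on slides 7 through 9, as an added Python model that is not part of the presentation: a zone using the proposed PROXY type and ALT field, an answer routine that consults ALT, and a heartbeat that sets ALT when a pulse goes unanswered. The sample names and addresses are constructed, and falling back to the normal address when ALT is set but no PROXY RR exists is an assumption the slides do not make.

```python
from dataclasses import dataclass
from typing import List

@dataclass
class ResourceRecord:
    owner: str      # name the RR is found under
    rtype: str      # "A" for a normal host address, "PROXY" for the proposed new type
    rdata: str      # the address this RR carries
    ttl: int        # seconds the RR may be cached
    alt: int = 0    # proposed ALT field: 0 = answer normally, 1 = answer with PROXY

class ModifiedNameServer:
    """Toy model of the proposal: an authoritative server whose answers depend on ALT."""

    def __init__(self, records: List[ResourceRecord]) -> None:
        self.records = records

    def matching(self, owner: str) -> List[ResourceRecord]:
        return [rr for rr in self.records if rr.owner == owner]

    def answer(self, owner: str) -> List[str]:
        """Slide 8: retrieve matching RRs, check ALT, return PROXY or normal addresses."""
        rrs = self.matching(owner)
        proxies = [rr.rdata for rr in rrs if rr.rtype == "PROXY"]
        normal = [rr.rdata for rr in rrs if rr.rtype == "A"]
        under_attack = any(rr.alt == 1 for rr in rrs)
        # Assumption (not stated on the slides): fall back to the normal address
        # when ALT is set but no PROXY RR exists, rather than answering nothing.
        if under_attack and proxies:
            return proxies
        return normal

    def heartbeat(self, owner: str, replied: bool) -> int:
        """Slide 9: an unanswered pulse sets ALT to 1 on every RR of that owner.
        Returns the resulting ALT value (the slides do not describe clearing it)."""
        if not replied:
            for rr in self.matching(owner):
                rr.alt = 1
        return 1 if any(rr.alt == 1 for rr in self.matching(owner)) else 0

# Constructed sample zone (addresses are from documentation ranges, not real hosts).
def sample_server() -> ModifiedNameServer:
    return ModifiedNameServer([
        ResourceRecord("www.example.com", "A", "192.0.2.10", 3600),
        ResourceRecord("www.example.com", "PROXY", "198.51.100.5", 300),
        ResourceRecord("mail.example.com", "A", "192.0.2.25", 3600),
    ])
```

Calling `heartbeat("www.example.com", replied=False)` on `sample_server()` switches later answers from the A address to the PROXY address; `mail.example.com`, which has no PROXY RR, keeps answering with its normal address.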

10
Conclusion
  • This isn't foolproof. There are still ways
    around this.
  • Although implementing changes to BIND may take a
    relatively short amount of time development wise,
    the real problem with this is that all name
    servers and resolvers have to support these
    changes.
  • Modern DNS is all based on RFC 1035, which was
    written in 1987.