Introduction to DNS and its vulnerabilities

Olaf M. Kolkman [email protected]

© 2006-2012 NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.


Post on 31-Mar-2015


Page 1:

Introduction to DNS and its vulnerabilities

Olaf M. Kolkman [email protected]

Page 2:

DNS and DNSSEC in a Nutshell

source: http://upload.wikimedia.org/wikipedia/commons/b/b7/KoreanPineSeeds.jpg

Page 3:

Device queries Recursive Nameserver

Recursive Nameserver Recurses over Authoritative nameservers

Results are cached

The DNS is highly distributive

DNS is implemented through 100s of thousands of machines

Page 4:

Stub Resolver, Recursive Nameservers

Authoritative Nameservers

www.nlnetlabs.nl A

root.hints: location of the root servers

referral: nl NS

www.nlnetlabs.nl A

www.nlnetlabs.nl A

www.nlnetlabs.nl A

referral: nlnetlabs.nl NS

Answer: www.nlnetlabs.nl A 213.154.224.1

ROOT

NL

NLnetLabs.NL

www.nlnetlabs.nl A 213.154.224.1

Page 5:

Attack Surface

On the Wire or through Compromise

Whoa, that looks bad!!! Who Uses This System?

Compromise of systems

Bugs and implementation mistakes

Page 6:

http://www.nlnetlabs.nl/ ©2011 Stichting NLnet Labs

[Diagram: Mail server, Internet, Recursive DNS, enterprise]

Page 7:

[Diagram: Mail server, Internet, Recursive DNS, enterprise]

Page 8:

[Diagram: STUB Resolver, Recursive Nameserver, Authoritative Nameserver and Attacker]

Query: <qname, qtype, qclass, id>

Query: <qname, qtype, qclass, id>

Query: <qname, qtype, qclass, id>

Response: <name, type, class, id>

Answer: <name, type, class>

Response: <name, type, class, id>

Cache hit

Response: <name, type, class, id>

Page 9:

[Diagram: STUB Resolver, Recursive Nameserver, Authoritative Nameserver and Attacker]

Query: <qname, qtype, qclass, id>

Query: <qname, qtype, qclass, id>

Query: <qname, qtype, qclass, id>

Response: <name, type, class, id>

Answer: <name, type, class>

Response: <name, type, class, id>

Cache hit

Response: <name, type, class, id>

Response: <name, type, class, id>

Success depends on legacy and speed of network.

And on various properties that the attacker needs to match

Query ID

Source Port

0X20

Page 10:

TTL saves you?!? I don’t think so....

Dan Kaminsky’s image from zdnet.com

Security Popstar

Page 11:

[Diagram: STUB Resolver, Recursive Nameserver, Authoritative Nameserver and Attacker]

Query: asdf23sadf.webcam.com

Query: www.webcam.com

Response: www.webcam.com

Answer: <name, type, class>

Response: webcam.com NS ns1.webcam.com
ns1.webcam.com A 10.6.6.6

Query: asdf23sadf.webcam.com

Response: asdf23sadf.webcam.com

Query to 10.6.6.6: asdf23sadf.webcam.com

Query to 10.6.6.6: www.webcam.com

Try Delegations

Abuse a 25 year old protocol requirement

Page 12:

Do attacks happen in practice?

Would you tell?

Would you notice?

Page 13:

Why would one attack the DNS?

Do attacks happen in practice?

While one could be doing other things

Page 14:

How to Protect?

Page 15:

Why would one attack the DNS?

Follow the

Mon€y

Organizing your life

Paying your Tax

Your weekly security update

Short-selling your stock

Page 16:

Mon€y

Don’t all these transactions use SSL and Certificates?

Page 17:

The role of a CA

3rd party trust broker

Subject Requests

RA performs checks

RA tells CA to sign

Browser trusts CA signed certificates

EV: Extended Validation

Page 18:

However all these little men are a wee bit expensive

AUTOMATE THE LOT

Page 19:

DV: Domain Validation

Subject: Please sign certificate for Example.com

RA sends a mail to well known address @example.com

When mail returned CA will sign

Page 20:

DV: Domain Validation

All these checks are based on information fetched from the DNS

Hold that thought for Jakob’s presentation

Page 21:

[Diagram: Registrars & Registrants, Registry, primary DNS, Secondary DNS, Secondary DNS]

Server vulnerability

Man in the Middle

spoofing & Man in the Middle

DNS System Vulnerabilities

Provisioning Vulnerabilities

Page 22:

What can one do to protect... (skipping DNSSEC)

Page 23:

Taking Unbound as example

Other servers might make other choices, but any modern resolver takes similar approaches

Page 24:

Security Choices in Unbound

• In general, a modern paranoid resolver

• DNSSEC support.

• RFC 2181 support completely

• Fine grained. Keeps track of where RRSets came from and won't upgrade them into answers.

• Does not allow RRSets to be overridden by lower level RRSets

Page 25:

Filtering

• Scrubber:

• Only in-bailiwick data is accepted in the answer

• The answer section must contain only the answer

• CNAME, DNAME: checked that the chain is correct

• CNAME: cut off, and only the first CNAME is kept

• Look up the rest yourself; do not trust the other server

• DNAME: the CNAME is synthesized by Unbound; do not trust the other server. Also cut off like above.

• DNAME from cache is only used if DNSSEC-secure.

Page 26:

Filtering II

• No address records in authority, additional section unless relevant – i.e. mentioned in a NS record in the authority section.

• Irrelevant data is removed

• When the message only had preliminary parsing and has not yet been copied to the working region of memory
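The scrubber rules from the two Filtering slides, as an added example that is not part of the original deck and not Unbound's code. It is a simplified model: the `RR` tuple, the function names and all sample names and addresses (example.com, 192.0.2.x) are constructed for illustration.

```python
from dataclasses import dataclass

ADDRESS_TYPES = {"A", "AAAA"}


@dataclass(frozen=True)
class RR:
    name: str    # owner name
    rtype: str   # record type, e.g. "A", "NS", "CNAME"
    rdata: str   # presentation-format data


def norm(name: str) -> str:
    """Case-insensitive comparison form without the trailing dot."""
    return name.rstrip(".").lower()


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is at or below the zone the queried server serves."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)


def scrub(qname, zone, answer, authority, additional):
    """Return the (answer, authority, additional) records that survive."""
    qname = norm(qname)
    kept_answer = []
    for rr in answer:
        # The answer section must contain only the answer to our question.
        if norm(rr.name) != qname or not in_bailiwick(rr.name, zone):
            continue
        if rr.rtype == "CNAME":
            # Keep only the first CNAME; its target is looked up separately
            # instead of trusting the rest of the chain from this server.
            kept_answer = [rr]
            break
        kept_answer.append(rr)
    # Authority: in-bailiwick only, and no address records.
    kept_authority = [rr for rr in authority
                      if in_bailiwick(rr.name, zone)
                      and rr.rtype not in ADDRESS_TYPES]
    # Additional: only addresses of name servers named in a kept NS record.
    ns_targets = {norm(rr.rdata) for rr in kept_authority if rr.rtype == "NS"}
    kept_additional = [rr for rr in additional
                       if rr.rtype in ADDRESS_TYPES
                       and norm(rr.name) in ns_targets
                       and in_bailiwick(rr.name, zone)]
    return kept_answer, kept_authority, kept_additional


# Constructed response to "www.example.com A" from a server for example.com.
SAMPLE_ANSWER = [
    RR("www.example.com", "CNAME", "cdn.example.net"),
    RR("cdn.example.net", "A", "192.0.2.10"),        # rest of chain: dropped
]
SAMPLE_AUTHORITY = [
    RR("example.com", "NS", "ns1.example.com"),
    RR("example.net", "NS", "ns.example.org"),       # out of bailiwick
    RR("example.com", "A", "192.0.2.99"),            # address in authority
]
SAMPLE_ADDITIONAL = [
    RR("ns1.example.com", "A", "192.0.2.53"),        # glue for a kept NS
    RR("mail.example.com", "A", "192.0.2.25"),       # not named by any NS
    RR("ns.example.org", "A", "192.0.2.66"),         # out of bailiwick
]

if __name__ == "__main__":
    for section in scrub("www.example.com", "example.com",
                         SAMPLE_ANSWER, SAMPLE_AUTHORITY, SAMPLE_ADDITIONAL):
        print(section)
```

A forged delegation that stays inside the bailiwick, such as the webcam.com one on Page 11, passes this filter, which is why the deck goes on to entropy.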

Page 27:

Entropy

• Randomness protects against spoof

• Arc4random() (OpenBSD): crypto strong. May not be perfectly random, but predicting it is a cryptographic break-in.

• Real entropy from OS as seed

• Query id – all 16 bits used.

• Port randomisation – uses all 16 bits there, goes out of its way to make sure every query gets a fresh port number

Page 28:

Entropy II

• Destination address, and ipv4/ipv6. RTT band of 400msec (=everything).

• It's not the time window but the randomness

• Query aggregation – same queries are not sent out – unless by different threads

• Qname strict match checked in reply

• 0x20 option

• Harden-referral-path (my draft) option

• Can use multiple source interfaces!

• 4 outgoing IP addresses add +2 bits
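The resolver-side checks from the two Entropy slides, as an added example that is not part of the original deck and not Unbound's code: 0x20 case randomisation, the strict qname match on the reply, and a tally of the unpredictable bits a reply has to match. The function names and the dictionary layout are assumptions made for illustration.

```python
import math
import secrets


def encode_0x20(qname: str) -> str:
    """Randomise the case (the 0x20 bit) of every ASCII letter in qname."""
    out = []
    for c in qname:
        if c.isascii() and c.isalpha():
            c = c.upper() if secrets.randbits(1) else c.lower()
        out.append(c)
    return "".join(out)


def new_query(qname: str) -> dict:
    """Build the per-query state a reply must match.

    The ID and source port are drawn from the OS CSPRNG; all 16 bits of
    each are used, as on the slide.
    """
    return {
        "qname": encode_0x20(qname),
        "id": secrets.randbelow(1 << 16),
        "port": secrets.randbelow(1 << 16),
    }


def accept(pending: dict, reply_qname: str, reply_id: int,
           reply_port: int) -> bool:
    """Strict match: the qname is compared case-sensitively, byte for byte."""
    return (reply_qname == pending["qname"]
            and reply_id == pending["id"]
            and reply_port == pending["port"])


def entropy_bits(qname: str, id_bits: int = 16, port_bits: int = 16,
                 source_addresses: int = 1, use_0x20: bool = True) -> float:
    """Bits of unpredictability a reply must match for this query."""
    letters = sum(1 for c in qname if c.isascii() and c.isalpha())
    bits = id_bits + port_bits + math.log2(source_addresses)
    if use_0x20:
        bits += letters      # one bit per letter in the name
    return bits


if __name__ == "__main__":
    q = new_query("www.nlnetlabs.nl")
    print("sent:", q)
    # A reply that echoes the name in a different case is rejected.
    print("lower-cased echo accepted:",
          accept(q, q["qname"].swapcase(), q["id"], q["port"]))
    print("ID + port only:",
          entropy_bits("www.nlnetlabs.nl", use_0x20=False), "bits")
    print("with 0x20 and 4 source addresses:",
          entropy_bits("www.nlnetlabs.nl", source_addresses=4), "bits")
```

For www.nlnetlabs.nl, query ID and port alone give 32 bits; the 14 letters of the name and four outgoing addresses raise that to 48.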

Page 29:

Other measures

• Not for the wire itself

• Heap function pointer protection (whitelisted)

• Chroot() by default

• User privileges are dropped (lots of code!)

• ACL for recursion

• No detection of attacks – assume always under attack

• version.bind hostname.bind can be blocked or configured what to return (version hiding)

• Disprefer recursion lame servers – they have a cache that can be poisoned

Page 30:

Arms Race...

Introducing DNSSEC

Page 31:

Metaphor

Page 32:

[Diagram: Registrars & Registrants, Registry, primary DNS, Secondary DNS, Secondary DNS]

End to End Security

Page 33:

All done using Public Key crypto

DNSKEY: public key from the keypair

RRSIG: Signatures made with a private key from the keypair

NSEC and NSEC3: For pre-calculated Denial of Existence

DS: For delegating Security

Page 34:

But more on that later

Let us have a look at another cryptographic DNS protection mechanism

Page 35:

Securing Host-Host Communication

Page 36:

[Diagram: Registrars & Registrants, Registry, primary DNS, Secondary DNS, Secondary DNS]

Data flow through the DNS

What should you protect...

HOST Security

TSIG

TSIG (rarely)

Page 37:

Transaction Signature: TSIG

• TSIG (RFC 2845)

– Authorising dynamic updates and zone transfers

– Authentication of caching forwarders

– Independent from other features of DNSSEC

• One-way hash function

– DNS question or answer and timestamp

• Traffic signed with “shared secret” key

• Used in configuration, NOT in zone file

Page 38:

TSIG Example

[Diagram: Master and Slave, each holding KEY: $h@r3dS3cr3t]

Query: AXFR

AXFR
Sig: B1@F00

verification

Response: Zone

SOA …
SOA
SIG: FOOB@R

verification

Page 39:

TSIG for Zone Transfers

1. Generate secret

2. Communicate secret

3. Configure servers

4. Test

Page 40:

Importance of the Time Stamp

• TSIG/SIG(0) signs a complete DNS request / response with time stamp

– To prevent replay attacks

– Currently hardcoded at five minutes

• Operational problems when comparing times

– Make sure your local time zone is properly defined

– date -u will give UTC time, easy to compare between the two systems

– Use NTP synchronisation!
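How the shared secret and the time stamp work together in the TSIG slides above, as an added example that is not part of the original deck. It is a simplified model: real TSIG (RFC 2845) also covers the key name, algorithm and other fields in wire format, HMAC-SHA256 is an assumption made here, and the message bytes and times are constructed; the key string is the one shown on the TSIG Example slide.

```python
import hashlib
import hmac

FUDGE = 300  # seconds: the five-minute window from the slide


def tsig_sign(key: bytes, message: bytes, time_signed: int,
              fudge: int = FUDGE) -> bytes:
    """MAC over the DNS message plus the time stamp and fudge.

    Simplified: time is encoded as 48-bit seconds and fudge as 16 bits,
    the sizes of the corresponding TSIG fields.
    """
    data = message + time_signed.to_bytes(6, "big") + fudge.to_bytes(2, "big")
    return hmac.new(key, data, hashlib.sha256).digest()


def tsig_verify(key: bytes, message: bytes, time_signed: int, mac: bytes,
                now: int, fudge: int = FUDGE) -> str:
    """Return the TSIG result name: NOERROR, BADSIG or BADTIME."""
    expected = tsig_sign(key, message, time_signed, fudge)
    # Constant-time comparison; checked before the time stamp is trusted.
    if not hmac.compare_digest(expected, mac):
        return "BADSIG"
    # Outside the window: a replayed message or unsynchronised clocks.
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"


# Constructed sample values.
KEY = b"$h@r3dS3cr3t"                 # shared secret from the example slide
REQUEST = b"example.com. IN AXFR"     # stands in for the wire-format query
T0 = 1_300_000_000                    # time the slave signed the request

if __name__ == "__main__":
    mac = tsig_sign(KEY, REQUEST, T0)
    print("fresh request:        ", tsig_verify(KEY, REQUEST, T0, mac, T0 + 2))
    print("replayed after 10 min:", tsig_verify(KEY, REQUEST, T0, mac, T0 + 600))
    print("master clock 6 min off:", tsig_verify(KEY, REQUEST, T0, mac, T0 - 360))
    print("modified request:     ",
          tsig_verify(KEY, b"example.org. IN AXFR", T0, mac, T0 + 2))
    print("wrong shared secret:  ",
          tsig_verify(b"other", REQUEST, T0, mac, T0 + 2))
```

The third case is the operational problem the slide warns about: a valid request is refused with BADTIME only because the two clocks disagree.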

Page 41:

Authenticating Servers Using SIG(0)

• Alternatively, it is possible to use SIG(0)

– Not yet widely used

– Works well in dynamic update environment

• Public key algorithm

– Authentication against a public key published in the DNS

• SIG(0) specified in RFC 2931

Page 42:

Cool Application

• Use TSIG-ed dynamic updates to configure your laptop's name

• My laptop is known by the name of aagje.secret-wg.org

– http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html

– Mac OS users: there is a bonjour based tool.

• www.dns-sd.org
