No client directly uses DNS. In some ways, DNS is the precursor of contemporary

Question

No client directly uses DNS. In some ways, DNS is the precursor of contemporary directory services. From the very beginning, it was not practical to use IP addresses directly; address assignments change after time. Hosts files, which are tables with name to number matching, grew too large to manage as the size of the Internet increased. This caused DNS to gain in popularity. One of the advantages of DNS is its ability to scale, because it can distribute and interconnect lists of names and addresses.

Though it has been of great value to the ease of use of the Internet, configuration errors of clients, servers, and resolvers can occur in many ways. In addition, new ways are being discovered all the time to warp, corrupt, or disable the function of the server, resolver, or client. These range from co-opting delegation for a given domain at the top of the hierarchy to poisoning a local resolver with inaccurate addresses. Most users will not suspect a compromised lookup that takes them to a site that looks legitimate, and many will, when experiencing a timeout or failure of a host lookup, simply conclude that "the Internet is down."

In 3–4 paragraphs:

1. Enumerate as many DNS errors as you can, and propose a method to detect one of them, or a small cluster of related ones.

2. Analyze the errors you have chosen for their potential to be used as a deliberate or accidental attack (for example, a man-in-the middle attack).

3. Propose a method to reduce or eliminate the risk. Since some problems are only truly fixed by updated software or infrastructure, there may be interim workarounds, so you may propose one of those, and those steps to improve security or stability may reduce the functionality of the systems.

Explanation / Answer

Solution: -

1) DNS servers are really very important part of an IT infrastructure for every firms. The main function of DNS is to resolve the domain name to IP address as it will be very difficult to remember IP address of every domain. So, DNS makes it simple by resolving the query. It has two zones: Forward Lookup Zone and reverse lookup zone. But sometimes, problem or error arises in DNS servers, so below there are few errors that may occur:

Now Fixing one of these errors:

While fixing incorrect configuration of DNS server, so first check whether your Forward and Reverse lookup zones are properly configures. There are other several FLZ records are there such as SOA, MX, A records, AAAA records.

2) So, DDOS is actually Distributed Denial of Service, in this type of attack the attackers just flood huge amount of traffic to the DNS server and thus destroying the resolution of the records of the zones. DNS amplification is a type of DDOS attack and here the attacker sends a small lookup query to the DNS server with fraud IP address causing too much traffic id drained to the DNS server for resolving the queries, thus DNS server couldn’t able to handle too much traffic and hence get crashed or the network goes down. The hacker’s main aim is to saturate the network by destroying the bandwidth.

3) Mitigating the DDOS attack: -For mitigating DNS floods is quite hassle free as well as simple. The solution can be mitigated by using anti DDOS service. For implementation of the DNS server, clients can deploy multi datacenter network and it must be implemented in front of the DNS server. What it does is this network actually handles all the incoming traffics and help the way to reach the DNS server for resolving the queries. From the cache only, the queries get resolved maximum time and the DNS server does not need to handle too much of traffics. This way we can ensure that DNS server remain secure as well as remain stable from these types of attacks.

Related Questions

Navigate

• Browse (All)
• Browse N
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.