The previous section showed that legacy DNS suffers from limited redundancy and various bottlenecks. In this section, we examine the feasibility of attacks that target these bottlenecks through known vulnerabilities in commonly deployed nameservers. Early studies [10,22,27] identified several implementation errors in legacy DNS servers that can lead to compromise. While many of these have been fixed, a significant percentage of nameservers continue to use buggy implementations. We surveyed 150,000 nameservers to determine whether they contain any known vulnerabilities, based on the Berkeley Internet Name Daemon (BIND) exploit list maintained by the Internet Systems Consortium (ISC) [17]. Table 2 summarizes the results of this survey. Approximately 18% of servers do not respond to version queries, and about 14% do not report valid BIND versions. About 2% of nameservers have the tsig bug, which permits a buffer overflow that can enable malicious agents to gain access to the system. 19% of nameservers have the negcache problem, which can be exploited to launch a DoS attack by providing negative responses with large TTL values from a malicious nameserver. Overall, exploiting the bottlenecks identified in the previous section is practical.
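The survey above is a classification exercise: each nameserver's answer to a version query is either absent, not a parseable BIND version, or a BIND version that can be checked against the ISC list [17]. The following Python script, added here as an illustration and not the paper's own survey tool, shows the bookkeeping an operator would use to audit a fleet of their own resolvers from recorded version.bind TXT answers. The version-string grammar, the sample answers and the vulnerable version ranges in VULN_RANGES are all constructed assumptions; the real affected versions for the tsig and negcache bugs must be taken from the ISC list, not from this table.

```python
import re
from collections import Counter

# Assumed BIND version-string grammar, e.g. "8.2.2-P5" or "9.2.1" (not the paper's parser).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-P(\d+))?")


def parse_bind_version(text):
    """Return (major, minor, patch, patchlevel) or None when text is not a parseable BIND version.

    Servers that hide their version (e.g. answer "Secret") fall into the "not a valid
    BIND version" bucket, exactly as in the survey's second category.
    """
    if text is None:
        return None
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch or 0), int(plevel or 0))


# Constructed placeholder ranges (inclusive), NOT the real affected versions:
# replace these with the entries from the ISC exploit list [17] before use.
VULN_RANGES = [
    ("tsig",     (8, 2, 0, 0), (8, 2, 2, 7)),
    ("negcache", (8, 3, 0, 0), (8, 3, 6, 0)),
]


def vulnerabilities_for(version):
    """List the known bugs whose (placeholder) version range contains this version."""
    return [name for name, lo, hi in VULN_RANGES if lo <= version <= hi]


def survey(responses):
    """Bucket recorded version.bind answers the way Table 2 does.

    None means the server did not answer the version query at all.
    """
    counts = Counter()
    for answer in responses:
        if answer is None:
            counts["no_response"] += 1
            continue
        version = parse_bind_version(answer)
        if version is None:
            counts["not_bind_version"] += 1
            continue
        counts["valid_version"] += 1
        for bug in vulnerabilities_for(version):
            counts[bug] += 1
    return counts


def percentages(counts, total):
    """Express each bucket as a percentage of the whole survey, rounded to one decimal."""
    return {k: round(100.0 * n / total, 1) for k, n in counts.items()}


# Constructed sample of version.bind TXT answers from ten hypothetical servers.
SAMPLE = [
    None,                        # timed out / refused
    "9.2.1",
    "8.2.2-P5",                  # inside the placeholder tsig range
    "8.3.3-REL",                 # inside the placeholder negcache range
    "Secret",                    # version hidden by the operator
    "9.3.0",
    "8.2.3",                     # just above the placeholder tsig range
    None,
    "8.3.7",                     # just above the placeholder negcache range
    "surely you must be joking", # non-BIND or joke banner
]

if __name__ == "__main__":
    result = survey(SAMPLE)
    for bucket, pct in sorted(percentages(result, len(SAMPLE)).items()):
        print(f"{bucket:18s} {pct:5.1f}%")
```

Running the script over the constructed sample prints 20% no response, 20% not a valid BIND version, and one server each (10%) in the placeholder tsig and negcache ranges. On a real audit the input list would be the answers collected from the operator's own nameservers, and any server landing in a vulnerable bucket is a patch or upgrade ticket.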