Post on 31-Mar-2015
© 2006-2012 NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.
Introduction to DNS and its vulnerabilities
Olaf M. Kolkman, olaf@nlnetlabs.nl
DNS and DNSSEC in a Nutshell
source: http://upload.wikimedia.org/wikipedia/commons/b/b7/KoreanPineSeeds.jpg
Device queries Recursive Nameserver
Recursive Nameserver recurses over Authoritative nameservers
Results are cached
The DNS is highly distributive
DNS is implemented through 100s of thousands of machines
[Diagram: Stub Resolver, Recursive Nameservers, Authoritative Nameservers (ROOT, NL, NLnetLabs.NL)]
Stub -> Recursive: www.nlnetlabs.nl A
root.hints: location of the root servers
Recursive -> ROOT: www.nlnetlabs.nl A
ROOT -> Recursive: referral: nl NS
Recursive -> NL: www.nlnetlabs.nl A
NL -> Recursive: referral: nlnetlabs.nl NS
Recursive -> NLnetLabs.NL: www.nlnetlabs.nl A
NLnetLabs.NL -> Recursive: Answer: www.nlnetlabs.nl A 213.154.224.1
Recursive -> Stub: www.nlnetlabs.nl A 213.154.224.1
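The walk on the slide (root hints, referral from the root, referral from nl, answer from nlnetlabs.nl, result cached), replayed by a toy iterative resolver. This is an added example, not code from the slides or from NLnet Labs; the server names, zone contents and glue addresses are constructed, and only the final answer 213.154.224.1 is taken from the slide.

```python
# Added example, not from the slides: a toy iterative resolver that replays the
# walk shown on the slide (root hints -> referral from the root -> referral from
# nl -> answer from nlnetlabs.nl) and caches what it learns.
# Server names, zone contents and glue addresses below are constructed for
# illustration; only the final answer 213.154.224.1 comes from the slide.

# Root hints: where a freshly started resolver begins (constructed name).
ROOT_HINTS = ["a.root-servers.net"]

# Each authoritative server is modelled as the zone it serves: the records it
# owns and the delegations (zone cuts) below it.  Names are written without
# the trailing dot.
AUTH_SERVERS = {
    "a.root-servers.net": {
        "records": {},
        "delegations": {"nl": ["ns1.dns.nl"]},                 # constructed
    },
    "ns1.dns.nl": {
        "records": {},
        "delegations": {"nlnetlabs.nl": ["ns.nlnetlabs.nl"]},  # constructed
    },
    "ns.nlnetlabs.nl": {
        "records": {("www.nlnetlabs.nl", "A"): "213.154.224.1"},
        "delegations": {},
    },
}

# Glue: addresses of the name servers named in delegations (constructed).
GLUE = {
    "a.root-servers.net": "192.0.2.1",
    "ns1.dns.nl": "192.0.2.53",
    "ns.nlnetlabs.nl": "192.0.2.153",
}


def query_server(server, qname, qtype):
    """Ask one authoritative server; returns ("answer", rdata),
    ("referral", zone_cut, [nameservers]) or ("nxdomain", None)."""
    zone = AUTH_SERVERS[server]
    rdata = zone["records"].get((qname, qtype))
    if rdata is not None:
        return ("answer", rdata)
    # Refer to the deepest delegation that encloses the query name.
    cuts = [cut for cut in zone["delegations"]
            if qname == cut or qname.endswith("." + cut)]
    if cuts:
        cut = max(cuts, key=len)
        return ("referral", cut, zone["delegations"][cut])
    return ("nxdomain", None)


class Resolver:
    """Minimal recursive (iterative) resolver with a cache and a trace."""

    def __init__(self):
        self.cache = {}
        self.trace = []       # (server, outcome) per step, for inspection

    def resolve(self, qname, qtype="A"):
        key = (qname, qtype)
        if key in self.cache:
            self.trace.append(("cache", "hit"))
            return self.cache[key]
        server = ROOT_HINTS[0]
        while True:
            result = query_server(server, qname, qtype)
            kind = result[0]
            if kind == "answer":
                self.trace.append((server, "answer"))
                self.cache[key] = result[1]
                return result[1]
            if kind == "referral":
                self.trace.append((server, "referral " + result[1] + " NS"))
                # Follow the referral; glue tells us where that server lives.
                server = result[2][0]
                assert server in GLUE, "referral to a server without glue"
                continue
            self.trace.append((server, "nxdomain"))
            return None


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.nlnetlabs.nl"), r.trace)
```

Running it twice for the same name shows the second lookup never leaves the cache; that cached result is exactly what the later poisoning slides target.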
Attack Surface
On the Wire or through Compromise
Whoa, that looks bad!!! Who Uses This System?
Compromise of systems
Bugs and implementation mistakes
http://www.nlnetlabs.nl/©2011 Stichting NLnet Labs
[Diagram: enterprise network with Mail server, Recursive DNS and the Internet]
[Diagram: STUB Resolver, Recursive Nameserver, Authoritative Nameserver, Attacker]
Stub -> Recursive: Query: <qname, qtype, qclass, id>
Recursive -> Authoritative: Query: <qname, qtype, qclass, id>
Attacker -> Recursive: Response: <name, type, class, id> (forged)
Authoritative -> Recursive: Response: <name, type, class, id>
Recursive -> Stub: Answer: <name, type, class>
Cache hit: Response: <name, type, class, id>
[Same diagram: the attacker's forged Response: <name, type, class, id> races the authoritative server's Response]
Success depends on legacy and speed of network.
And on various properties that the attacker needs to match:
Query ID, Source Port, 0x20
TTL saves you?!? I don't think so....
Dan Kaminsky's image from zdnet.com
Security Popstar
[Diagram: STUB Resolver, Recursive Nameserver, Authoritative Nameserver, Attacker]
Query: www.webcam.com
Response: www.webcam.com
Query: asdf23sadf.webcam.com
Response: asdf23sadf.webcam.com
Response: webcam.com NS ns1.webcam.com / ns1.webcam.com A 10.6.6.6
Answer: <name, type, class>
Query to 10.6.6.6: www.webcam.com
Query to 10.6.6.6: asdf23sadf.webcam.com
Try Delegations
Abuse a 25 year old protocol requirement
Do attacks happen in practice?
Would you tell?
Would you notice?
Why would one attack the DNS?
Do attacks happen in practice?
While one could be doing other things
How to Protect?
Follow the Mon€y
Organizing your life
Paying your Tax
Your weekly security update
Short-selling your stock
Why would one attack the DNS?
Mon€y
Don't all these transactions use SSL and Certificates?
The role of a CA
3rd party trust broker
Subject Requests
RA performs checks
RA tells CA to sign
Browser trusts CA signed certificates
EV: Extended Validation
However all these little men are a wee bit expensive
AUTOMATE THE LOT
DV: Domain Validation
Subject: Please sign certificate for Example.com
RA sends a mail to well known address @example.com
When mail returned CA will sign
DV: Domain Validation
All these checks are based on information fetched from the DNS
Hold that thought for Jakob's presentation
[Diagram: Registrars & Registrants, Registry, primary DNS, Secondary DNS]
Server vulnerability
Man in the Middle, spoofing
DNS System Vulnerabilities
Provisioning Vulnerabilities
What can one do to protect... (skipping DNSSEC)
Taking Unbound as example
Other servers might make other choices, but any modern resolver takes similar approaches
Security Choices in Unbound
•In general, a modern paranoid resolver
•DNSSEC support.
•Complete RFC 2181 support
•Fine grained. Keeps track of where RRSets came from and won't upgrade them into answers.
•Does not allow RRSets to be overridden by lower level RRSets
Filtering
• Scrubber:
• Only in-bailiwick data is accepted in the answer
• The answer section must contain only answer
• CNAME, DNAME checked that chain is correct
• CNAME cut off and only the first CNAME kept
• Lookup rest yourself, do not trust other server
• DNAME: CNAME synthesized by Unbound, do not trust other server. Also cut off like above.
• DNAME from cache only used if DNSSEC-secure.
Filtering II
•No address records in authority, additional section unless relevant – i.e. mentioned in a NS record in the authority section.
•Irrelevant data is removed
•When the message only had preliminary parsing and has not yet been copied to the working region of memory
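A simplified scrubber in the spirit of the two Filtering slides, applied to a response like the one drawn on the "Try Delegations" slide. This is an added example, not Unbound's code: it drops out-of-bailiwick records, limits the answer section to the query name (keeping only the first CNAME hop so the resolver looks the rest up itself), and keeps glue only for name servers named by an accepted NS record in the authority section. The names, addresses and the record-tuple layout are constructed.

```python
# Added example, not Unbound's code: a simplified scrubber in the spirit of the
# two Filtering slides.  A response is scrubbed against the bailiwick of the
# server that sent it (the zone we delegated to), the answer section is limited
# to the query name (or the first CNAME hop), and address records in the
# authority/additional sections survive only when an in-bailiwick NS record in
# the authority section names them.  Names and addresses are constructed.

def in_bailiwick(name, zone):
    """True when name is the zone apex or lies below it."""
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)


def scrub(qname, qtype, bailiwick, answer, authority, additional):
    """Return (answer, authority, additional) with untrusted records removed.
    Records are (owner, rtype, rdata) tuples, as a resolver would have them
    after preliminary parsing and before anything is cached."""
    qname = qname.lower()

    # Answer section: only records for the name we asked about.  A CNAME is
    # kept but ends the chain: the resolver looks the target up itself rather
    # than trusting records the other server appended for it.
    kept_answer = []
    for owner, rtype, rdata in answer:
        if owner.lower() != qname or not in_bailiwick(owner, bailiwick):
            continue
        if rtype == "CNAME":
            kept_answer.append((owner, rtype, rdata))
            break
        if rtype == qtype:
            kept_answer.append((owner, rtype, rdata))

    # Authority section: NS/SOA records for the bailiwick only; remember which
    # name servers the accepted NS records point at.
    kept_authority = []
    relevant_servers = set()
    for owner, rtype, rdata in authority:
        if rtype in ("NS", "SOA") and in_bailiwick(owner, bailiwick):
            kept_authority.append((owner, rtype, rdata))
            if rtype == "NS":
                relevant_servers.add(rdata.lower())

    # Additional section: glue is accepted only for servers named above, and
    # only when the glue itself is in bailiwick.  Everything else is dropped.
    kept_additional = []
    for owner, rtype, rdata in additional:
        if (rtype in ("A", "AAAA") and owner.lower() in relevant_servers
                and in_bailiwick(owner, bailiwick)):
            kept_additional.append((owner, rtype, rdata))

    return kept_answer, kept_authority, kept_additional


if __name__ == "__main__":
    # Constructed response from a server for example.com that also tries to
    # hand us an address for a name in an unrelated zone.
    print(scrub("www.example.com", "A", "example.com",
                answer=[("www.example.com", "A", "192.0.2.10")],
                authority=[("example.com", "NS", "ns1.example.com")],
                additional=[("ns1.example.com", "A", "192.0.2.1"),
                            ("www.bank.example", "A", "10.6.6.6")]))
```

Note what the scrubber does not do: in-bailiwick glue from a forged response still passes, which is why the Entropy slides (query ID, source port, 0x20) carry the rest of the defence.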
Entropy
•Randomness protects against spoof
•arc4random() (OpenBSD): crypto strong. May not be perfectly random, but predicting it is a cryptographic break-in.
•Real entropy from OS as seed
•Query id – all 16 bits used.
•Port randomisation – uses all 16 bits there, goes out of its way to make sure every query gets a fresh port number
Entropy II
• Destination address, and IPv4/IPv6. RTT band of 400msec (=everything).
• It's not the time window but the randomness
• Query aggregation – same queries are not sent out – unless by different threads
• Qname strict match checked in reply
• 0x20 option
• Harden-referral-path (my draft) option
• Can use multiple source interfaces!
• 4 outgoing IP addresses add +2 bits
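A back-of-the-envelope bit budget tying the spoofing slide (Query ID, Source Port, 0x20) to the two Entropy slides. This is an added example, not from the slides: it counts the bits a forged response must match and turns them into the probability that a flood of forgeries wins one 400 ms round-trip window, which is the slide's point that the randomness matters more than the time window. The packet rate and query name are constructed inputs.

```python
# Added example, not from the slides: a back-of-the-envelope calculation of the
# bits an off-path spoofer must match (Query ID, Source Port and 0x20 from the
# spoofing slide, plus the extra source addresses from this slide) and what
# that means for one 400 ms round-trip window.  Packet rates and the query
# name used below are constructed inputs.
import math


def spoof_bits(qname, random_port=True, source_addresses=1, use_0x20=True):
    """Number of bits a forged response has to guess to be accepted."""
    bits = 16                                  # query ID: all 16 bits used
    bits += 16 if random_port else 0           # fresh random source port per query
    if use_0x20:
        bits += sum(1 for c in qname if c.isalpha())   # 0x20: one bit per letter
    bits += math.log2(source_addresses)        # 4 outgoing addresses -> +2 bits
    return bits


def p_forgery_accepted(bits, packets_per_second, window_seconds=0.4):
    """Probability that at least one forged packet arriving inside the RTT
    window (before the genuine answer) matches all the bits."""
    p_one = 2.0 ** -bits
    n = packets_per_second * window_seconds
    return 1.0 - (1.0 - p_one) ** n


if __name__ == "__main__":
    name = "www.nlnetlabs.nl"
    cases = [
        ("fixed port, no 0x20", dict(random_port=False, use_0x20=False)),
        ("random port + 0x20 + 4 addresses", dict(source_addresses=4)),
    ]
    for label, kwargs in cases:
        b = spoof_bits(name, **kwargs)
        print(f"{label}: {b:.0f} bits, p(one window) = "
              f"{p_forgery_accepted(b, 50_000):.2e}")
```

With only the 16-bit query ID, a modest flood has a real chance in a single window and the attack just repeats windows; at 48 bits the per-window probability is negligible, which is the whole reason Unbound spends effort on fresh ports, 0x20 and extra source addresses.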
Other measures
• Not for the wire itself
• Heap function pointer protection (whitelisted)
• chroot() by default
• User privileges are dropped (lots of code!)
• ACL for recursion
• No detection of attacks – assume always under attack
• version.bind, hostname.bind can be blocked or configured what to return (version hiding)
• Disprefer recursion lame servers – they have a cache that can be poisoned
Arms Race...
Introducing DNSSEC
Metaphor
[Diagram: Registrars & Registrants, Registry, primary DNS, Secondary DNS]
End to End Security
All done using Public Key crypto
DNSKEY: public key from the keypair
RRSIG: Signatures made with a private key from the keypair
NSEC and NSEC3: For pre-calculated Denial of Existence
DS: For delegating Security
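What "pre-calculated Denial of Existence" means in practice, as an added example that is not from the slides: a validator checks whether a queried name sorts strictly between an NSEC record's owner and its "next" name in DNSSEC canonical order (RFC 4034, section 6.1). The NSEC chain and zone below are constructed; RRSIG verification, wildcards and NSEC3 hashing are left out.

```python
# Added example, not from the slides: how a validator uses one NSEC record to
# check a pre-calculated denial of existence.  NSEC records chain the zone's
# names in canonical order (RFC 4034, section 6.1); a name that sorts strictly
# between an NSEC owner and its "next" field provably does not exist.  The
# chain below is constructed; RRSIG verification, wildcards and NSEC3 hashing
# are left out.

def canonical_key(name):
    """Sort key implementing DNSSEC canonical name order: compare labels from
    the root downwards, case-insensitively, byte by byte, shorter first."""
    labels = [lbl.lower().encode("ascii")
              for lbl in name.rstrip(".").split(".") if lbl]
    return tuple(reversed(labels))


def nsec_covers(nsec_owner, nsec_next, qname, apex):
    """True when this NSEC proves that qname does not exist in the zone."""
    q, owner, nxt, top = map(canonical_key, (qname, nsec_owner, nsec_next, apex))
    if q == owner or q == top:
        return False                     # the name exists (this NSEC is its own)
    if nxt == top:
        # Last NSEC in the chain wraps around to the apex: it covers every
        # name in the zone that sorts after its owner.
        return owner < q and q[:len(top)] == top
    return owner < q < nxt


# Constructed NSEC chain for zone example.com: apex -> a -> c -> (back to apex).
NSEC_CHAIN = [
    ("example.com", "a.example.com"),
    ("a.example.com", "c.example.com"),
    ("c.example.com", "example.com"),
]


def proves_nonexistence(chain, qname, apex):
    """Look for an NSEC in the chain that covers qname."""
    return any(nsec_covers(owner, nxt, qname, apex) for owner, nxt in chain)


if __name__ == "__main__":
    for name in ("b.example.com", "a.example.com", "z.example.com"):
        print(name, proves_nonexistence(NSEC_CHAIN, name, "example.com"))
```

The chain is signed once, offline, with the zone's private key; the server answering a query for a non-existent name only has to pick the right NSEC and its RRSIG, which is why the denial is "pre-calculated".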
But more on that later
Let us have a look at another cryptographic DNS protection mechanism
Securing Host-Host Communication
[Diagram: Registrars & Registrants, Registry, primary DNS, Secondary DNS]
Data flow through the DNS
What should you protect...
HOST Security
TSIG
TSIG (rarely)
Transaction Signature: TSIG
•TSIG (RFC 2845)
–Authorising dynamic updates and zone transfers
–Authentication of caching forwarders
–Independent from other features of DNSSEC
•One-way hash function
–DNS question or answer and timestamp
•Traffic signed with “shared secret” key
•Used in configuration, NOT in zone file
TSIG Example
Master and Slave share KEY: $h@r3dS3cr3t
Slave -> Master: Query: AXFR, Sig: B1@F00
Master: verification
Master -> Slave: Response: Zone (SOA … SOA), SIG: FOOB@R
Slave: verification
TSIG for Zone Transfers
1. Generate secret
2. Communicate secret
3. Configure servers
4. Test
Importance of the Time Stamp
•TSIG/SIG(0) signs a complete DNS request / response with time stamp
– To prevent replay attacks
– Currently hardcoded at five minutes
•Operational problems when comparing times
– Make sure your local time zone is properly defined
– date -u will give UTC time, easy to compare between the two systems
– Use NTP synchronisation!
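The TSIG exchange from the example slide and the time-stamp rule from this one, as an added example that is neither from the slides nor the RFC 2845 wire format: an HMAC over the message, signing time and fudge, verified by first checking the MAC and then the five-minute window. The message layout is a constructed simplification; the shared secret is the one shown on the example slide, and the error names BADSIG and BADTIME are the ones RFC 2845 defines.

```python
# Added example, not from the slides and not the RFC 2845 wire format: a
# simplified TSIG-style transaction signature showing why the time stamp
# matters.  The MAC is an HMAC over message || time_signed || fudge; the
# verifier rejects a bad MAC (BADSIG) and, for a good MAC, a time stamp
# outside the five-minute window (BADTIME), which is what defeats replay.
# The shared secret is the one on the example slide; the message is constructed.
import hashlib
import hmac
import struct

FUDGE_SECONDS = 300   # the five-minute window mentioned on the slide


def tsig_mac(secret, message, time_signed, fudge=FUDGE_SECONDS):
    """HMAC-SHA256 over message || time_signed || fudge (simplified layout)."""
    data = message + struct.pack("!QH", time_signed, fudge)
    return hmac.new(secret, data, hashlib.sha256).digest()


def tsig_sign(secret, message, now):
    """Attach a signature record to an outgoing request or response."""
    return {
        "message": message,
        "time_signed": now,
        "fudge": FUDGE_SECONDS,
        "mac": tsig_mac(secret, message, now),
    }


def tsig_verify(secret, signed, now):
    """Return "NOERROR", "BADSIG" or "BADTIME" for a received signed message."""
    expected = tsig_mac(secret, signed["message"],
                        signed["time_signed"], signed["fudge"])
    # Constant-time comparison: a timing leak here would weaken the shared key.
    if not hmac.compare_digest(expected, signed["mac"]):
        return "BADSIG"
    # The MAC is good, so the time stamp is authentic; now check it is fresh.
    # A replayed copy carries the original time and fails here once the
    # window has passed; so does a peer whose clock has drifted too far.
    if abs(now - signed["time_signed"]) > signed["fudge"]:
        return "BADTIME"
    return "NOERROR"


if __name__ == "__main__":
    key = b"$h@r3dS3cr3t"
    req = tsig_sign(key, b"AXFR example.com IN", now=1_700_000_000)
    print(tsig_verify(key, req, now=1_700_000_100))   # fresh: NOERROR
    print(tsig_verify(key, req, now=1_700_000_900))   # replayed later: BADTIME
```

The last assertion in the test is the operational point of the slide: a master and slave whose clocks disagree by more than the fudge see BADTIME on perfectly valid transfers, hence the advice to compare `date -u` on both systems and run NTP.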
Authenticating Servers Using SIG(0)
•Alternatively, it is possible to use SIG(0)
–Not yet widely used
–Works well in dynamic update environment
•Public key algorithm
–Authentication against a public key published in the DNS
•SIG(0) specified in RFC 2931
Cool Application
•Use TSIG-ed dynamic updates to configure your laptop's name
•My laptop is known by the name of aagje.secret-wg.org
– http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
–Mac OS users: there is a bonjour based tool.
•www.dns-sd.org