A handy bit of domain name knowledge: telling real DNS from fake

DNS cache poisoning

It hardly needs explaining again, but phishing cases have not stopped, and the methods used to lure people to phishing sites (fake sites) have become more sophisticated. The typical way of luring someone to a fake site is to get them to click a fake URL in the body of an e-mail, but "DNS cache poisoning" has been attracting attention as a risk that has been increasing in recent years.

DNS is a mechanism that manages the correspondence between domain names and IP addresses. There are two types of DNS server: authoritative DNS servers and cache DNS servers.

The authoritative DNS server manages the information that maps domain names to IP addresses. A rental server service usually operates this authoritative DNS server, based on the information the site operator has set in that service.

The cache DNS server that Internet users refer to when they try to access a website is usually operated by the ISP with which the user has a contract. Upon receiving a request from the user, the cache DNS server accesses the authoritative DNS server, obtains the IP address corresponding to the domain name, and returns it to the user.

At this time, the cache DNS server holds (caches) the exchanged information for a certain period of time, so that when the same query is received again it can respond quickly without having to access the authoritative DNS server again (Figure 1). DNS cache poisoning, as the name suggests, directs users to fake sites by getting this cache DNS server to cache fake information.

If all of the information in a response, such as the source IP address, port number and ID, matches, the cache DNS server will accept fake information as genuine. As a result, once fake information is cached in the cache DNS server, users are easily directed to fake sites.

Mechanism for not caching false information

The security extension devised to prevent the cache DNS server from accepting false information is "DNSSEC" (pronounced "DNS-sec").

DNS cache poisoning attempts to get fake information cached by forging it to look like a response from the authoritative DNS server and sending it to the cache DNS server. DNSSEC is a mechanism that adds an electronic signature to the response from the authoritative DNS server, so that the cache DNS server receiving it can confirm that the response is genuine by verifying the signature. Because an external third party cannot forge the same signature as the real one, the cache DNS server can shut out fake information.
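The following Python sketch is an added example, not code from the original article. It models the two acceptance rules described above: a cache DNS server that only matches source IP address, port number and ID, and one that also verifies a signature. The signature is toy textbook RSA with a constructed key standing in for DNSSEC's DNSKEY/RRSIG records; the CacheResolver class, names and addresses are hypothetical.

```python
import hashlib
from collections import namedtuple

# Toy textbook-RSA key from two Mersenne primes (constructed; insecure, unpadded).
# Stands in for the zone's key pair; real DNSSEC uses DNSKEY and RRSIG records.
N, E = (2**127 - 1) * (2**89 - 1), 65537
D = pow(E, -1, (2**127 - 2) * (2**89 - 2))  # private exponent, zone operator only
# sig defaults to None, i.e. an unsigned response.
Response = namedtuple("Response", "src_ip dst_port txid name address sig", defaults=(None,))

def digest(name, address):
    h = hashlib.sha256(f"{name}|A|{address}".encode()).digest()
    return int.from_bytes(h, "big") % N

def sign(name, address):
    """Authoritative side: sign the name-to-address mapping."""
    return pow(digest(name, address), D, N)

def signature_ok(name, address, sig):
    """Cache side: verify using only the public values (N, E)."""
    return sig is not None and pow(sig, E, N) == digest(name, address)

class CacheResolver:
    def __init__(self, validate):
        self.validate, self.pending, self.cache = validate, {}, {}

    def query(self, txid, server_ip, src_port, name):
        self.pending[txid] = (server_ip, src_port, name)

    def receive(self, r):
        # Classic check: source IP address, port number and ID must all match.
        if self.pending.get(r.txid) != (r.src_ip, r.dst_port, r.name):
            return False
        if self.validate and not signature_ok(r.name, r.address, r.sig):
            return False  # unsigned or wrongly signed data is never cached
        del self.pending[r.txid]
        self.cache[r.name] = r.address
        return True

def demo(validate):
    """Deliver a forged response first, then the genuine signed one."""
    res = CacheResolver(validate)
    res.query(0x1A2B, "192.0.2.53", 33333, "shop.example")
    forged = Response("192.0.2.53", 33333, 0x1A2B, "shop.example", "203.0.113.66")
    genuine = Response("192.0.2.53", 33333, 0x1A2B, "shop.example", "198.51.100.10",
                       sign("shop.example", "198.51.100.10"))
    return [res.receive(forged), res.receive(genuine)], res.cache["shop.example"]
```

With validate=False the forged answer is cached and the genuine one arrives too late; with validate=True the forged answer is dropped and only the signed one is cached.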

DNSSEC from user’s point of view

Readers are likely to be rental server users and general Internet users. From the point of view of rental server users, i.e. site operators, DNSSEC has the effect of reducing the risk of phishing for those who access your website. How to assess the risk of phishing depends on the nature of the site, but if you provide a service to users and manage login information, or handle credit card information and the like at a shopping site, the risk of phishing is very high. Such sites should consider introducing DNSSEC in order to protect users.

In general, if a user is led to a phishing site by clicking a fake URL in an e-mail, the impersonated site operator is less likely to be held liable. With DNS cache poisoning, however, there is little that users accessing the Web can do about it themselves, whereas site operators can reduce the risk by introducing DNSSEC. Just as the use of SSL server certificates has become commonplace at sites that ask for information, a site's lack of DNSSEC support may become a cause for concern in the future.

Also, from the standpoint of a general Internet user, you will be thinking about the risk of being directly hit by phishing. If the domain name being accessed has introduced DNSSEC and the cache DNS server of the ISP you are using supports DNSSEC signature verification, the risk of DNS cache poisoning will be extremely low.

When will DNSSEC be available?

DNS is a mechanism that has been in operation for a very long time, and the risk of DNS cache poisoning has been known for some time. However, because the success rate of caching fake information was considered to be very low, it was not widely discussed. Then, in 2008, a method for making DNS cache poisoning succeed very efficiently (an odd way of putting it) was announced, and the momentum for the introduction of DNSSEC increased worldwide.

To enable DNSSEC, the authoritative DNS server side needs an additional process to attach a signature, and the cache DNS server side needs an additional process to verify a signature. This is a major change to the mechanism called DNS, and the parties responsible are proceeding carefully, one step at a time. In the root zone, which is the top layer of DNS, DNSSEC operations began in July 2010. Following this, the introduction of DNSSEC in top-level domains is also in progress.

For JP domain names, registration of the information necessary for operating DNSSEC with each JP domain name will be accepted from January 16, 2011. In response to these developments, rental server service providers that operate authoritative DNS servers are also considering introducing DNSSEC. From now on, when choosing a rental server service, "is it compatible with DNSSEC?" will also be an important consideration.
