All Your DNS Records Point to Us Understanding the Security Threats of Dangling DNS Records

Authors

Daiping Liu, Univ Delaware, Newark, DE 19716 USA;
Shuai Hao
Haining Wang
Shuai Hao, William & Mary

Document Type

Article

Department/Program

Physics

Journal Title

Ccs'16: Proceedings of the 2016 ACM Sigsac Conference on Computer and Communications Security

Pub Date

2016

First Page

1414

Abstract

In a dangling DNS record (Dare), the resources pointed to by the DNS record are invalid, but the record itself has not yet been purged from DNS. In this paper, we shed light on a largely overlooked threat in DNS posed by dangling DNS records. Our work reveals that Dare can be easily manipulated by adversaries for domain hijacking. In particular, we identify three attack vectors that an adversary can harness to exploit Dares. In a large-scale measurement study, we uncover 467 exploitable Dares in 277 Alexa top 10,000 domains and 52 edu zones, showing that Dare is a real, prevalent threat. By exploiting these Dares, an adversary can take full control of the (sub) domains and can even have them signed with a Certificate Authority (CA). It is evident that the underlying cause of exploitable Dares is the lack of authenticity checking for the resources to which that DNS record points. We then propose three defense mechanisms to effectively mitigate Dares with little human effort.

Recommended Citation

Liu, Daiping; Hao, Shuai; Wang, Haining; and Hao, Shuai, All Your DNS Records Point to Us Understanding the Security Threats of Dangling DNS Records (2016). Ccs'16: Proceedings of the 2016 ACM Sigsac Conference on Computer and Communications Security.
10.1145/2976749.2978387

DOI

10.1145/2976749.2978387