2. cnp3-ebook
3. protocols/dnssec
4. French
5. Browse

1 / 2

/ 2

Untranslated strings

• Untranslated strings • state:empty
• Unfinished strings • state:<translated
• Translated strings • state:>=translated
• Strings marked for edit • state:needs-editing
• Strings with suggestions • has:suggestion
• Strings with variants • has:variant
• Strings with labels • has:label
• Strings with context • has:context
• Unfinished strings without suggestions • state:<translated AND NOT has:suggestion
• Strings with comments • has:comment
• Strings with any failing checks • has:check
• Approved strings • state:approved
• Strings waiting for review • state:translated

Source string

• Position and priority
• Position
• Priority
• Labels
• Source string
• Target string
• String age
• Number of words
• Number of comments
• Number of failing checks
• Key

	English	French
	DNSSEC defines four new types of DNS records that are used together to authenticate the information distributed by the DNS.
	Footnotes
	Fortunately, designers of DNS servers and resolvers have found solutions to mitigate this type of attack. The easiest approach would have been to update the format of the DNS requests and responses to include a larger `Identifier` field. Unfortunately, this elegant solution was not possible with the DNS because the DNS messages do not include any version number that would have enabled such a change. Since the DNS messages are exchanged inside UDP segments, the DNS developers found an alternate solution to counter this attack. There are two ways for the DNS library used by Alice to send her DNS requests. A first solution is to bind one UDP source port and always send the DNS requests from this source port (the destination port is always port ``53``). The advantage of this solution is that Alice's DNS library can easily receive the DNS responses by listening to her chosen port. Unfortunately, once the attacker has found the source port used by Alice, he only needs to send 65,536 DNS responses to inject an invalid response. Fortunately, Alice can send her DNS requests in a different way. Instead of using the same source port for all DNS requests, she can use a different source port for each request. In practice, each DNS request will be sent from a different source port. From an implementation viewpoint, this implies that Alice's DNS library will need to listen to one different port number for each pending DNS request. This increases the complexity of her implementation. From a security viewpoint there is a clear benefit since the attacker needs to guess both the 16 bits `Identifier` and the 16 bits `UDP source port` to inject a fake DNS response. To generate all possible DNS responses, the attacker would need to generate almost :math:`2^{32}` different messages, which is excessive in today's networks. Most DNS implementations use this second approach to prevent these cache poisoning attacks.
	Given the above security risks, DNSSEC opted for a different approach that allows the negative replies to be authenticated by using offline signatures. The `NSEC` record exploits the lexicographical ordering of all the domain names. To understand its usage, consider a simple domain that contains three names (the associated `AAAA` and other records that are not shown) :
	If a resolver queries `delta.example.org`, the server will parse its zone. If this name were present, it would have been placed, in lexicographical order, between the `beta.example.org` and the `gamma.example.org` names. To confirm that the `delta.example.org` name does not exist, the server returns the `NSEC` record for `beta.example.org` that indicates that the next valid name after `beta.example.org` is `gamma.example.org`. If the server receives a query for `pi.example.org`, this is the `NSEC` record for `gamma.example.org` that will be returned. Since this record contains a name that is before `pi.example.org` in lexicographical order, this indicates that `pi.example.org` does not exist.
	If Mallory cannot control a router on the path between Alice and her resolver, she could still launch a different attack. To understand this attack, it is important to correctly understand how the DNS protocol operates and the roles of the different fields of the DNS header which is reproduced in the figure below.
	In this domain, the DNSSEC server adds three `NSEC` records. A `RRSIG` signature is also computed for each of these records.
	Let us illustrate it on an example. Assume that Alice frequently uses the `example.net` domain and in particular the web server whose name is `www.example.net`. Mallory would like to redirect the TCP connections established by Alice towards `www.example.net` to one IP address that he controls. Assume that Mallory controls the `mallory.net` domain. Mallory can tune the DNS server of his domain and add special DNS records to the responses that it sends. An attack could go roughly as follows. Mallory forces Alice to visit the `www.mallory.net` web site. He can achieve this by sending a spam message to Alice or buying advertisements on a web site visited by Alice and redirect one of these advertisements to `www.mallory.net`. When visiting the advertisement, Alice's DNS resolver will send a DNS request for `www.mallory.net`. Since Mallory control the DNS server, he can easily add in the response a `AAAA` record that associates `www.example.net` to the IP address controlled by Mallory. If Alice's DNS library does not check the returned response, the cache entry for `www.example.net` will be replaced by the `AAAA` record sent by Mallory.
	Mallory has studied the DNS protocol and understands how it works. If he can predict a popular domain for which Alice will regularly send DNS requests, then he can prepare a set of DNS responses that map the name requested by Alice to an IP address controlled by Mallory instead of the legitimate DNS response. Each DNS response has a different `Identification`. Since there are only 65,536 values for the `Identification` field, it is possible for Mallory to send them to Alice hoping that one of them will be received while Alice is waiting for a DNS response with the same identifier. In the past, it was difficult to send 65,536 DNS responses quickly enough. However, with the high speed links that are available today, this is not an issue anymore. A second concern for Mallory is that he must be able to send the DNS responses as if they were coming directly from the DNS resolver. This implies that Mallory must be able to send IP packets that appear to originate from a different address. Although networks should be configured to prevent this type of attack, this is not always the case and there are networks where it is possible for a host to send packets with a different source IP address [#fspoof]_. If the attack targets a single end user, e.g. Alice, this is annoying for this user. However, if the attacker can target a DNS resolver that serves an entire company or an entire ISP, the impact of the attack can be much larger in particular if the injected DNS response carries a long TTL and thus resides in the resolver's cache for a long period of time.
	Securing the Domain Name System
	See http://spoofer.caida.org/summary.php for an ongoing measurement study that analyses the networks where an attacker could send packets with any source IP address.
	Thanks to the `DS` record, a resolver can validate the public keys of client zones as long as their is a chain of `DS` -> `DNSKEY` records from an anchored key. If the resolver trusts the public key of the root zone, it can validate all DNS replies for which this chain exists.
	the `DNSKEY` record allows storing the public key associated with a zone. This record is encoded as a TLV and includes a `Base64` representation of the key and the identification of the public key algorithm. This allows the `DNSKEY` record to support different public key algorithms.
	The Domain Name System provides a critical service in the Internet infrastructure since it maps the domain names that are used by end users onto IP addresses. Since end users rely on names to identify the servers that they connect to, any incorrect information distributed by the DNS would direct end users' connections to invalid destinations. Unfortunately, several attacks of this kind occurred in the past. A detailed analysis of the security threats against the DNS appeared in :rfc:`3833`. We consider three of these threats in this section and leave the others to :rfc:`3833`.
	the `DS` record contains a hash of a public key. It is used by a parent zone to certify the public key used by one of its child zones.
	The first field of the header is the `Identification` field. When Alice sends a DNS request, she places a 16-bits integer in this field and remembers it. When she receives a response, she uses this `Identification` field to locate the initial DNS request that she sent. The response is only used if its `Identification` matches a pending DNS request (containing the same question).
	The first type of attack is `eavesdropping`. An attacker who can capture packets sent to a DNS resolver or a DNS server can gain valuable information about the DNS names that are used by a given end user. If the attacker can capture all the packets sent to a DNS resolver, he/she can collect a lot of meta data about the domain names used by the end user. Preventing this type of attack has not been an objective of the initial design of the DNS. There are currently discussions with the IETF to carry DNS messages over TLS sessions to protect against such attacks. However, these solutions are not yet widely deployed.
	The last record introduced by DNSSEC is the `NSEC` record. It is used to authenticate a negative response returned by a DNS server. If a resolver requests a domain name that is not defined in the zone, the server replies with an error message. The designers of the original version of the DNS thought that these errors would not be very frequent and resolvers were not required to cache those negative responses. However, operational experience showed that queries for invalid domain names are more frequent than initially expected and a large fraction of the load on some servers is caused by repeated queries for invalid names. Typical examples include queries for invalid TLDs to the root DNS servers or queries caused by configuration errors [WF2003]_. Current DNS deployments allow resolvers to cache those negative answers to reduce the load on the entire DNS :rfc:`2308`.
	The next step is to contact `ns.org`, the `NS` responsible for the `.org` TLD to retrieve the `NS` record for the `example.org` domain. This record is accompanied by a `RRSIG` record that authenticates it. This `RRSIG` record is signed with the key of the `.org` domain. Alice's resolver can retrieve this public key as the `DNSKEY` record for the `.org`, but how can it trust this key since it is distributed by using the DNS and could have been modified by attackers ? DNSSEC solves this problem by using the `DS` record that is stored in the parent zone (in this case, the root zone). This record contains a hash of a public key that is signed with a `RRSIG` signature. Since Alice's resolver's trusts the root key, it can validate the signature of the `DS` record for the `.org` domain. It can then retrieve the `DNSKEY` record for this domain from the DNS and compare the hash of this key with the `DS` record. If they match, the public key of the `.org` domain can be trusted. The same technique is used to obtain and validate the key of the `example.org` domain. Once this key is trusted, Alice's resolver can request the `AAAA` record for `www.example.org` and validate its signature.
	the `NSEC` record is used when non-existent domain names are queried. Its usage will be explained later