A joint study by researchers at the SIDN Lab, InternetNZ and the Information Science Institute at the University of Southern California discovered a vulnerability called TsuNAME in some DNS resolvers. This vulnerability causes DDoS attacks against authoritative DNS servers by attackers.
The researchers, DNS OARC35 çalıştayı sırasında TsuNAME hatasını ilan ettiler ve bulgularını etkilenen kuruluşlarla paylaşarak, güvenlik açığı ilan edilmeden önce sorunu ele almaları için 90 gün bekleyeceklerini belirttiler. Araştırmacılar, “.nz” alanından toplanan verilerin, yanlış yapılandırılmış iki alanın tek başına .nz’in yetkili sunucuları için toplam trafik hacminde %50 bir artışa neden olduğunu tespit etti.
The researchers discovered this flaw when analyzing production data in .nz, which is New Zealand's country code, top-level domain (ccTLD). Experts stated that the main reason for the 50% increase in total traffic volume for .nz's proxy servers is two misconfigured domains.
Although patches that fix the TsuNAME vulnerability have been released by the widely used DNS service provider Google and Cisco, many servers are still considered to be vulnerable to attacks.
A must-have recursive DNS resolver is the process of taking DNS resolution, which is one of its basic components, the IP address of 142.250.71.36 and converting it to a hostname such as "www.google.com". DNS responds to the domain name by making a request to the client's request for a web page. An authoritative DNS server is like a dictionary that holds the full IP address for the searched domain.
Researchers have decided to reduce the impact of the TsuNAME security vulnerability and to detect circular dependencies of authorized DNS server operatorsCycleHunter
Source:
tsuname.io
tsuname.io/tech_report.pdf
