Ambiguity and complexity in the DNS protocol has caused the issues, dos Santos says. Because of the complexity of the DNS specification, vulnerability types that we have known about for 20 years are appearing in implementations of network stacks, he says. The more complex the software or protocol gets, the more difficult the protocol is to implement, so we need to make them as least complex as possible, which is not always possible.
Earlier this month, Forescout and JSOF disclosed nine vulnerabilities that affected four different TCP/IP stacks and could affect hundreds of millions of Internet of Things (IoT) and network devices. The vulnerabilities, dubbed NAME:WRECK by the companies, are the latest disclosures coming from their research into the vendor implementations that handle domain-name system (DNS) traffic. Their research, dubbed Project Memoria, also includes Ripple20, a set of 19 vulnerabilities that affected the Treck TCP/IP stack, among others; AMNESIA:20, a se