GovInfoSecurity
Security researchers have uncovered a flaw dubbed TsuNAME in DNS resolver software that can be used to carry out distributed denial-of-service attacks against authoritative DNS servers. Google and Cisco have resolved the issue in their DNS servers.
Authoritative DNS servers are the final source of truth for a domain's records: they answer queries about a domain's names and IP addresses for the resolvers that serve end users. The security researchers, Giovane C. M. Moura, Sebastian Castro, John Heidemann and Wes Hardaker, note that the flaw affects DNS resolvers, which convert domain names into IP addresses by querying those authoritative servers.
The U.S. National Security Agency has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping on and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors.
Using DNS over HTTPS, or DoH, in enterprise environments encrypts and helps hide DNS queries from third parties who might attempt to spy on or manipulate network traffic, the NSA says. “DNS translates domain names in URLs into IP addresses, making the internet easier to navigate,” the NSA notes. “However, it has become a popular attack vector for malicious cyber actors. DNS shares its requests and responses in plaintext, which can be easily viewed by unauthorized third parties.”