L4. Compare recursive and iterative DNS resolvers. What are security challenges in DNS? Flashcards
What is a DNS resolver?
A specific type of DNS server responsible for translating domain names into IP addresses
What is a recursive DNS resolver?
A DNS resolver that handles the whole DNS resolution process for the client. The resolver collects all the necessary information and sends back a complete response.
What is an iterative DNS resolver?
A DNS resolver that handles only the initial DNS query. It provides the next step rather than the complete answer, requiring the client to follow a chain of referrals to DNS servers to get the final answer.
What is the recursive DNS resolution process?
- Client (e.g., a web browser) queries a recursive resolver
- The recursive resolver queries multiple DNS servers on behalf of the client, starting with the root DNS servers, then proceeds to TLD (Top-Level Domain) servers, and finally to the authoritative servers for the domain in question.
- The resolver collects all the necessary information and sends a complete response back to the client.
What is the iterative DNS resolution process?
- The client queries an iterative resolver
- The resolver provides partial information, directing the client to other DNS servers.
- The client queries each DNS server sequentially. For instance, it starts with the root server, which points to a TLD server, and then queries the TLD server, which points to an authoritative server.
What are advantages and disadvantages of recursive DNS resolvers?
Advantages: simplicity and caching.
Clients do not need to handle the complexity of querying multiple servers. Recursive resolvers often cache responses, reducing latency for repeated queries and decreasing the load on DNS infrastructure.
Disadvantages: overhead and bottlenecks.
The resolver handles the entire query process, which can be resource-intensive. A high load on recursive resolvers can become a bottleneck, impacting response times.
What are advantages and disadvantages of iterative DNS resolvers?
Advantages: reduced load on resolvers and client control.
Each server only needs to provide partial information, distributing the load. Clients have more control over the query process, which can be advantageous in certain scenarios.
Disadvantages: complexity and increased latency.
Clients must handle multiple queries and manage the state of the ongoing resolution process. The overall resolution process may take longer due to multiple round trips between the client and various DNS servers.
What are security challenges in DNS?
Spoofing, tunneling, DDoS attacks, MitM attacks, amplification attacks, registrar hijacking, typosquatting and homograph attacks
What is DNS spoofing?
When attackers insert false information into the cache of a recursive resolver, redirecting users to malicious sites.
How can spoofing be mitigated?
DNSSEC (Domain Name System Security Extensions) provides data origin authentication and data integrity to protect against spoofing attacks.
What is DNS tunneling?
When attackers encapsulate other protocols within DNS queries and responses to bypass security measures and exfiltrate data.
What are DDoS attacks?
Distributed Denial of Service Attacks: Attackers overwhelm DNS servers with a high volume of queries, causing service disruption.
How can DNS tunneling be mitigated?
Monitoring and filtering DNS traffic, using DNS firewalls, and anomaly detection systems can help detect and block tunneling activities.
How can DDoS attacks be mitigated?
Using redundant DNS infrastructure, anycast routing, and DDoS mitigation services can help absorb and deflect attack traffic.
What are MitM attacks?
Man-in-the-Middle Attacks: Attackers intercept and potentially alter DNS queries and responses between clients and DNS servers.
