
NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities - mp3il
http://www.nxnsattack.com/
======
petee
Since there isn't an abstract, I'll drop a key quotes from the intro -

 _" In this paper, we point out a new vulnerability and show an attack, the
NXNSAttack, that exploits the way DNS recursive resolvers operate when
receiving NS referral response that contains nameservers but without their
corresponding IP addresses (i.e., missing glue-records)_"

 _" The NXNSAttack is more effective than the NXDomain attack: i) It reaches
an amplification factor of more than 1620x on the number of packets exchanged
by the recursive resolver. ii) Besides the negative cache, the attack also
saturates the ‘NS’ resolver caches._"

 _" Essentially the attacker issues many requests for sub-domains of domains
authorized by its own authoritative server (step 1 in Fig. 3). Each such
request is crafted to have a different sub-domain to make sure it is not in
the resolver’s cache, thus forcing the resolver to communicate with the
attacker’s authoritative server to resolve the queried subdomains (step 2).
The attacker authoritative name-server then returns an NS referral response
with n name-server names but without their glue records(step 3), i.e., without
their associated IP addresses, forcing the resolver to start a resolution
query for each one of the name-server names in the response_"

