iWeb Communities: Blog

A new vulnerability has recently been discovered, which affects the reverse lookup of the domain name system (DNS).  An attacker could use this vulnerability to transfer a domain name towards a specific IP address.

This type of attack is often called DNS cache poisoning as described below :“The Domain Name System (DNS) is responsible for translating host names to adresses IP (and vice versa) and is critical for the normal operation of internet-connected systems. DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. DNS cache poisoning is not a new concept; in fact, there are published articles that describe a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning.“

For a complete report concerning this notice,  please refer to the following URL:
https://www.kb.cert.org/CERT_WEB/services/vul-notes.nsf/id/800113

We strongly recommended you execute the tests below to make sure your server is protected against this type of attack:
https://www.dns-oarc.net/oarc/services/dnsentropy
https://www.dns-oarc.net/oarc/services/porttest
http://www.doxpara.com/

If your server executes an exploitable version of BIND, You can use the following alternative to fix (and protect) your version against this type of attack :

http://www.isc.org/index.pl?/sw/bind/docs/forwarding.php

If you would prefer that our team take a look at your server to confirm if your version of BIND is exploitable, you can open a work order by logging into your client hub at (http://hub.iWeb.com/).

For more information regarding this post, please contact us at: support@iWeb.com