InternetNZ has disclosed a vulnerability against authoritative DNS servers that it claims could be exploited to carry out denial-of-service (DoS) attacks across the world.
The vulnerability, called TsuNAME, was noticed in the .nz registry in February 2020, the New Zealand top level internet domain manager said in a disclosure notice, dated 6 May 2021.
“In February 2020, two .nz domains were unintentionally misconfigured with cyclic dependencies, which resulted in a 50 per cent surge in DNS traffic for all .nz infrastructure,” the industry body said in its disclosure post.
The phenomenon was later studied and replicated by an international group of researchers from InternetNZ, SIDN Labs, InternetNZ’s counterpart in the Netherlands, and the University of Southern California Information Science Institute (USC/ISI).
Further tests showed that conditions for an attack event were easy to execute, and the consequences were serious, the organisation said.
According to InternetNZ, the TsuNAME vulnerability requires three things to be exploited: cyclic dependent NS records, vulnerable resolvers and user queries to start or drive the process.
“Google Public DNS was the main affected party by this vulnerability,” InternetNZ chief scientist Sebastian Castro said. “They received a private responsible disclosure from our group in October 2020 and have repaired their code since then.
“We also reached out to Cisco, whose Public DNS was affected as well, and it is now fixed,” he added.
After reaching out privately to the DNS and registry community earlier this year, the group of researchers developed a security advisory paper and an open-source detection tool called Cycle Hunter.
TLDs from around the world have since been using Cycle Hunter to detect and remove cyclic dependencies.
“This underground work of months shows our organisations’ commitment to a better Internet, where issues that can affect others are identified and fixed. Our work is not finished yet,” Castro said.
In August last year, InternetNZ tapped into CERT NZ’s local threat feed to underpin the capability of its Defenz DNS Firewall security product as part of a new partnership between the two organisations.
The not-for-profit organisation introduced its Defenz Domain Name System (DNS) Firewall on a free four-month trial in June, in a move that effectively saw the organisation enter the cyber security market.