Menu
InternetNZ discloses TsuNAME vulnerability

InternetNZ discloses TsuNAME vulnerability

The vulnerability, called TsuNAME, was noticed in the .nz registry in February 2020.

Sebastian Castro (InternetNZ)

Sebastian Castro (InternetNZ)

Credit: InternetNZ

InternetNZ has disclosed a vulnerability against authoritative DNS servers that it claims could be exploited to carry out denial-of-service (DoS) attacks across the world. 

The vulnerability, called TsuNAME, was noticed in the .nz registry in February 2020, the New Zealand top level internet domain manager said in a disclosure notice, dated 6 May 2021.  

“In February 2020, two .nz domains were unintentionally misconfigured with cyclic dependencies, which resulted in a 50 per cent surge in DNS traffic for all .nz infrastructure,” the industry body said in its disclosure post.   

The phenomenon was later studied and replicated by an international group of researchers from InternetNZ, SIDN Labs, InternetNZ’s counterpart in the Netherlands, and the University of Southern California Information Science Institute (USC/ISI).  

Further tests showed that conditions for an attack event were easy to execute, and the consequences were serious, the organisation said. 

According to InternetNZ, the TsuNAME vulnerability requires three things to be exploited: cyclic dependent NS records, vulnerable resolvers and user queries to start or drive the process. 

“Google Public DNS was the main affected party by this vulnerability,” InternetNZ chief scientist Sebastian Castro said. “They received a private responsible disclosure from our group in October 2020 and have repaired their code since then.  

“We also reached out to Cisco, whose Public DNS was affected as well, and it is now fixed,” he added.  

After reaching out privately to the DNS and registry community earlier this year, the group of researchers developed a security advisory paper and an open-source detection tool called Cycle Hunter.  

TLDs from around the world have since been using Cycle Hunter to detect and remove cyclic dependencies. 

“This underground work of months shows our organisations’ commitment to a better Internet, where issues that can affect others are identified and fixed. Our work is not finished yet,” Castro said. 

In August last year, InternetNZ tapped into CERT NZ’s local threat feed to underpin the capability of its Defenz DNS Firewall security product as part of a new partnership between the two organisations.

The not-for-profit organisation introduced its Defenz Domain Name System (DNS) Firewall on a free four-month trial in June, in a move that effectively saw the organisation enter the cyber security market. 


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags dosinternetnzsecurity

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments