Page 779 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Further Reading on DNS
For an excellent primer to advanced discussion on DNS, its
operation, known issues, and the Dan Kaminsky vulnerability,
please visit “An Illustrated Guide to the Kaminsky DNS
Vulnerability”:
http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
For a look into the future of DNS, specifically the defense against
the Kaminsky vulnerability, visit www.dnssec.net.
DNS Poisoning
DNS poisoning is the act of falsifying the DNS information used by a
client to reach a desired system. It can take place in many ways.
Whenever a client needs to resolve a DNS name into an IP address, it
may go through the following process:
1. Check the local cache (which includes content from the HOSTS file).
2. Send a DNS query to a known DNS server.
3. Send a broadcast query to any possible local subnet DNS server. (This step isn’t widely supported.)
If the client doesn’t obtain a DNS-to-IP resolution from any of these
steps, the resolution fails, and the communication can’t be sent. DNS
poisoning can take place at any of these steps, but the easiest way is to
corrupt the HOSTS file or the DNS server query.
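Because the HOSTS file is consulted before any DNS server is asked (step 1 above), a single injected line there silently redirects a client. The following is an added example, not from the study guide: a small Python check that parses HOSTS-file text and flags entries that redirect a monitored domain (or any of its subdomains) to a non-loopback address. The function names, the monitored-domain list and the sample HOSTS content are all constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS file content (not taken from any real system).
# The 192.0.2.44 line plays the role of an entry injected by malware.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.44      login.example.com  www.example.com   # injected entry
0.0.0.0         ads.example.net
"""


def parse_hosts(text):
    """Return (ip_address, hostname) pairs from HOSTS-file text.

    Comments (after '#') and blank lines are skipped; one line may map
    several hostnames to the same address, so each name is yielded separately.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line: first token is not an IP address
        for name in parts[1:]:
            entries.append((addr, name.lower()))
    return entries


def find_hosts_overrides(text, monitored_domains):
    """Return [(address, hostname)] HOSTS entries that redirect a monitored domain.

    Loopback and unspecified (0.0.0.0) targets are ignored: they sinkhole a
    name rather than redirecting traffic, which is the file's common benign use.
    """
    monitored = tuple(d.lower().rstrip(".") for d in monitored_domains)
    overrides = []
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue
        if any(name == d or name.endswith("." + d) for d in monitored):
            overrides.append((str(addr), name))
    return overrides
```

On a real host, read the platform's HOSTS file (for example /etc/hosts or %SystemRoot%\System32\drivers\etc\hosts) and pass its text in place of the constructed sample.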
There are many ways to attack or exploit DNS. An attacker might use
one of these techniques:
Deploy a rogue DNS server (also known as DNS spoofing or
DNS pharming). A rogue DNS server can listen in on network
traffic for any DNS query or specific DNS queries related to a target
site. Then the rogue DNS server sends a DNS response to the client
with false IP information. This attack requires that the rogue DNS
server get its response back to the client before the real DNS server