A group of researchers from Tel Aviv University and the Interdisciplinary Center in Herzliya (Israel)
The problem stems from the way the protocol works and affects all DNS servers that support recursive query processing, including.
The attack relies on the attacker using queries that refer to a large number of previously unseen fictitious NS records to which name resolution is delegated, but without glue records in the response carrying the IP addresses of the NS servers. For example, the attacker sends a query to resolve the name sd1.attacker.com while controlling the DNS server responsible for the attacker.com domain. In response to the resolver's request to the attacker's DNS server, an answer is returned that delegates resolution of sd1.attacker.com to the victim's DNS server by listing NS records in the response without specifying the IP addresses of the NS servers. Since the NS server mentioned has not been encountered before and its IP address is not given, the resolver tries to determine the NS server's IP address by sending a query to the victim's DNS server that serves the target domain (victim.com).
The problem is that the attacker can respond with a huge list of non-repeating NS servers with fictitious, nonexistent names (fake-1.victim.com, fake-2.victim.com, ... fake-1000.victim.com). The resolver will try to send a request to the victim's DNS server but will receive a response that the domain was not found, after which it will try to determine the next NS server in the list, and so on until it has tried all the NS records listed by the attacker. Consequently, for a single attacker request, the resolver sends a large number of requests to determine the NS hosts. Since the NS server names are generated randomly and refer to nonexistent subdomains, they are not retrieved from the cache, and each request from the attacker results in a flood of requests to the DNS server that serves the victim's domain.
The researchers studied how exposed public DNS resolvers are to the problem and determined that, when queries are sent to the CloudFlare resolver (1.1.1.1), the number of packets (PAF, Packet Amplification Factor) can be increased 48 times, Google (8.8.8.8) - 30 times, FreeDNS (37.235.1.174) - 50 times, OpenDNS (208.67.222.222) - 32 times. More noticeable figures are observed for Level3 (209.244.0.3) - 273 times, Quad9 (9.9.9.9) - 415 times, SafeDNS (195.46.39.39) - 274 times, Verisign (64.6.64.6) - 202 times, Ultra (156.154.71.1) - 405 times, Comodo Secure (8.26.56.26) - 435 times, DNS.Watch (84.200.69.80) - 486 times, and Norton ConnectSafe (199.85.126.10) - 569 times. For servers based on BIND 9.12.3, because requests are parallelized, the amplification level can reach 1000. In Knot Resolver 5.1.0 the amplification level is roughly a few dozen times (24-48), because NS names are resolved sequentially and run into the internal limit on the number of name resolution steps allowed for a single request.
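A defender-side model of the referral handling described above, as an added example that is not from the original article or from any resolver's code: it counts the follow-up NS name lookups one glueless referral triggers, shows the effect of a per-query cap, and flags referrals that push many glueless lookups onto a single foreign domain. The function names, the cap `GLUELESS_BUDGET`, the threshold and the sample referrals are assumptions constructed for illustration; it counts names to resolve, not packets.

```python
from collections import Counter

# Hypothetical per-query cap on glueless NS names a resolver will chase
# (assumed value; the article only says Knot Resolver has an internal limit).
GLUELESS_BUDGET = 5

def norm(name):
    return name.rstrip(".").lower()

def parent_domain(name, labels=2):
    """Naive zone guess: the last `labels` labels (no Public Suffix List)."""
    return ".".join(norm(name).split(".")[-labels:])

def glueless_fanout(ns_names, glue):
    """Count NS names that arrived without glue, grouped by the domain whose
    authoritative servers would have to answer the follow-up lookups."""
    have_glue = {norm(g) for g in glue}
    return Counter(parent_domain(n) for n in ns_names
                   if norm(n) not in have_glue)

def follow_up_lookups(ns_names, glue, negative_cache=(), budget=None):
    """NS names the resolver must still look up for one referral.
    Names with glue or a cached NXDOMAIN cost nothing; `budget` caps the rest."""
    skip = {norm(g) for g in glue} | {norm(c) for c in negative_cache}
    todo = [n for n in dict.fromkeys(norm(x) for x in ns_names)
            if n not in skip]
    return todo if budget is None else todo[:budget]

def suspicious_targets(zone, ns_names, glue, threshold=20):
    """(domain, count) pairs where a referral from `zone` pushes at least
    `threshold` glueless lookups onto a domain other than its own."""
    own = parent_domain(zone)
    return [(d, c) for d, c in glueless_fanout(ns_names, glue).items()
            if c >= threshold and d != own]

# Constructed samples: the referral from the article's example (1000 unique
# nonexistent names under victim.com) and an ordinary referral with glue.
REFERRAL_NS = [f"fake-{i}.victim.com" for i in range(1, 1001)]
BENIGN_NS = ["ns1.example.net", "ns2.example.net"]
BENIGN_GLUE = {"ns1.example.net": "192.0.2.1", "ns2.example.net": "192.0.2.2"}

if __name__ == "__main__":
    print("uncapped lookups:", len(follow_up_lookups(REFERRAL_NS, {})))
    print("capped lookups:  ",
          len(follow_up_lookups(REFERRAL_NS, {}, budget=GLUELESS_BUDGET)))
    print("flagged:", suspicious_targets("attacker.com", REFERRAL_NS, {}))
    print("benign: ", suspicious_targets("example.org", BENIGN_NS, BENIGN_GLUE))
```

Because every name in the sample referral is unique, the negative cache never helps, which is why the cap rather than caching bounds the fan-out.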
There are two main protection strategies. For systems with DNSSEC
Source: opennet.ru