Your Cache/Recursive DNS server also requires your attention

Nicolas Cartron

Playlists: 'denog7' videos starting here / audio / related events

Nowadays, most of the DDoS attacks making the news are targeted against Authoritative DNS servers. While those attacks are the easiest to realise, as Authoritative DNS servers are public, it is important not to lose track of Cache/Recursive servers (As few PCs or laptops within the LAN can take it down very easily if they are infested by botnets). This presentation will focus on the Recursive/Cache part of DNS Security, and will take as example a specific attack that EfficientIP has named "Sloth Domain Attack", to illustrate how vulnerable a Recursive/Cache server is, and how easy it is to bring it down. We will also discuss some ideas and the necessity to take a new approach when dealing with DNS attacks on Cache/Recursive servers.