26–27 Oct 2024
Europe/Prague timezone

Transparent DNS Forwarders: A (still) unnoticed component of the ODNS infrastructure

27 Oct 2024, 11:25
10m
In-person Panel Main Session Session 2

Speaker

Maynard Koch (TU-Dresden)

Description

The open DNS infrastructure (ODNS) includes all devices that
accept and resolve DNS queries from any client. As an open system,
the ODNS infrastructure is a popular target for attackers who search
for amplifiers of DNS requests, for periodic DNS scan campaigns,
which try to expose the attack surface, and for researchers who
want to learn more about DNS behavior.
Due to the danger posed by open DNS resolvers, e.g., misusing
them as amplifiers in DNS amplification attacks, several
campaigns have been launched to raise awareness of open DNS
infrastructure services. Their total number decreased from over 30
million in 2013 down to only a few million devices nowadays.
The two ODNS components that get most of the attention are
recursive resolvers and recursive forwarders. However, there is also
a third component called transparent forwarders, initially observed
in 2013. These devices transparently relay DNS requests to a DNS
resolver by spoofing the client's IP address.
Unfortunately, researchers and scanning campaigns paid little
to no attention to transparent DNS forwarders. We recently revisited
the open DNS (ODNS) infrastructure and systematically measured
and analyzed transparent forwarders. Our findings raised concerns
for three reasons. First, the relative amount of transparent
forwarders increased from 2.2% in 2014 to 26% in 2021 (and 31%
in 2024). Second, as part of the ODNS, transparent forwarders interact
with unsolicited, potentially malicious requests. Third, common
periodic scanning campaigns such as Shadowserver or Censys still
do not capture transparent forwarders and thus underestimate the
current threat potential of the ODNS.
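
The following added example (not from the talk or the authors' tooling) classifies constructed scan records by comparing the probed address with the source address of the answer, and shows how a scanner that only accepts answers from the probed address counts no transparent forwarders. The record fields, including `resolver_seen` (the address observed at a scanner-controlled authoritative name server), are assumptions of this example.

```python
from collections import Counter

# Constructed records, documentation address ranges only (not measurement data).
# probe_dst:     address the scanner sent the query to
# reply_src:     source address of the answer matched to the probe by
#                source port and DNS transaction ID (None if no answer)
# resolver_seen: address that queried the scanner's own authoritative
#                name server for the probe name (hypothetical field)
RECORDS = [
    {"probe_dst": "192.0.2.10", "reply_src": "192.0.2.10", "resolver_seen": "192.0.2.10"},
    {"probe_dst": "192.0.2.20", "reply_src": "192.0.2.20", "resolver_seen": "198.51.100.53"},
    {"probe_dst": "203.0.113.7", "reply_src": "198.51.100.53", "resolver_seen": "198.51.100.53"},
    {"probe_dst": "203.0.113.8", "reply_src": "198.51.100.53", "resolver_seen": "198.51.100.53"},
    {"probe_dst": "203.0.113.9", "reply_src": None, "resolver_seen": None},
]


def classify(rec):
    """Label one probed address by where its answer came from."""
    if rec["reply_src"] is None:
        return "no_response"
    if rec["reply_src"] != rec["probe_dst"]:
        # The target relayed the query with the scanner's address as source,
        # so the resolver answered the scanner directly.
        return "transparent_forwarder"
    if rec["resolver_seen"] == rec["probe_dst"]:
        return "recursive_resolver"
    return "recursive_forwarder"


def census(records):
    """Count ODNS components when answers are matched by port and ID."""
    return Counter(classify(r) for r in records)


def source_matched_census(records):
    """Count what a scanner sees if it drops answers from unexpected sources."""
    kept = [r for r in records if r["reply_src"] == r["probe_dst"]]
    return Counter(classify(r) for r in kept)


if __name__ == "__main__":
    print("matched by port/ID:", dict(census(RECORDS)))
    print("matched by source :", dict(source_matched_census(RECORDS)))
```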

We argue that open transparent DNS forwarders pose a threat
to the Internet infrastructure. In addition to recursive forwarders,
they expand the potential field of attack, as they can be used to
interact with resolvers that are not publicly accessible.
To monitor the current state of the open DNS and better understand
the deployment of transparent forwarders, we launched a
long-term measurement campaign. We are currently in the process
of extending support for multiple DNS transports, in addition to
DNS over UDP and DNS over TCP.

In this presentation, we want to talk about our most recent findings
on the ODNS infrastructure; in particular, we will highlight
insights gained between our initial study and now. We will
present our data set and would like to discuss potential collaborations
to improve the current situation by reducing the number of
open transparent DNS forwarders.

Talk duration 10 Minutes (+discussion panel time)

Primary author

Maynard Koch (TU-Dresden)

Co-authors

Florian Dolzmann (TU Dresden)
Marcin Nawrocki (Netscout)
Prof. Matthias Wählisch (TU Dresden)
Prof. Thomas Schmidt (HAW Hamburg)

Presentation materials

There are no materials yet.