Speaker
Description
Since RFC 1034, DNS specifications have mandated that recursive resolvers must "bound the amount of work" performed per query. However, the definition of "work" has remained ambiguous, leading to a class of intrinsic risks that differ fundamentally from traditional volumetric reflection attacks. In practice, the resolution process involves complex interactions among delegations, aliases, retries, caching, and DNSSEC validation. These mechanisms can interact in unexpected ways, allowing a single query to trigger disproportionately large amounts of resolver work and leading to significant performance degradation.
In this presentation, we discuss our recent efforts to systematically understand such performance vulnerabilities in DNS resolvers. We introduce a formal model of recursive resolution that represents resolver behavior as a state transition system with associated resource costs. Building on this model, we develop rProfiler, a framework that explores the space of possible resolution traces and identifies worst-case query patterns that maximize resolver work. Applying rProfiler to three widely deployed resolver implementations reveals that even modest query rates can trigger substantial performance degradation under adversarial resolution patterns.
Our results shed light on how resolver work can grow unexpectedly during recursive resolution and help demystify the performance vulnerabilities that arise from it. We conclude by discussing the broader implications for resolver design and outlining directions toward more robust mechanisms for bounding resolver work in future DNS implementations.
| Talk duration | 10 Minutes (+5 for Q&A) |
|---|---|