NXDOMAIN Hijacking – A huge problem caused solely for profit

7 01 2014

One of the contemporary issues under discussion in my area of IT is the use of DNS for things it was not designed to do. Paul Vixie (2009) wrote an article entitled What DNS is not. This article sums up the key issues in the use of DNS to serve ads through NXDOMAIN responses (pg. 44).

NXDOMAIN, also known as RCODE=3 (Mockapetris, 1987, pg. 27), was designed to signal a negative answer to a DNS query. Modern DNS resolvers at times use these results in a way that was not intended. Instead of the browser showing its typical “error page”, OpenDNS name servers return a NOERROR response and point the result to an advertising server (Vixie, 2009, pg. 44).

Let’s look at an example. Using a domain that I know does not exist, I can run a query against the caching servers from Google at the IP address 8.8.8.8 and the ones at OpenDNS at 208.67.222.222. These are shown below.

> typeitwrong.com
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find typeitwrong.com: NXDOMAIN
> server 208.67.222.222
Default server: 208.67.222.222
Address: 208.67.222.222#53
> typeitwrong.com
Server: 208.67.222.222
Address: 208.67.222.222#53

Non-authoritative answer:
Name: typeitwrong.com
Address: 67.215.65.132

While the caching servers at Google correctly report the domain as NXDOMAIN, the name servers at OpenDNS give a NOERROR response and return a non-authoritative answer pointing to the IP address 67.215.65.132. Performing a reverse DNS query on that IP address, we see that OpenDNS has routed the NOERROR response to one of their own servers.

> 67.215.65.132
Server: 127.0.1.1
Address: 127.0.1.1#53

Non-authoritative answer:
132.65.215.67.in-addr.arpa name = hit-nxdomain.opendns.com.

Authoritative answers can be found from:
>

Now, this happens on any DNS lookup that should return NXDOMAIN when querying the OpenDNS servers. I guess the next question is: why is this such a big deal? For Internet browsing traffic it really is not that bad, but for other programs that count on correct information from a TCP/IP stream, the wrong information can be cached locally, causing grave errors in scripting.

This is just one of the many abuses that DNS is subjected to instead of being used as it was originally designed.
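One way to check a resolver for the behaviour shown above, as an added example that is not part of the original post: it sends an A query for a random name and classifies the reply by the RCODE and answer count in the RFC 1035 header. The function names, the random `.com` probe name (assumed not to be registered) and the `sample_response` helper that builds constructed replies for offline checks are all assumptions of this example.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a minimal RFC 1035 A/IN query with recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(response, qid):
    """Classify a resolver's reply to a query for a name known not to exist."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:   # wrong transaction ID or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"                  # honest negative answer (RCODE=3)
    if rcode == 0 and ancount > 0:
        return "rewritten"                 # NOERROR with answers for a nonexistent name
    return "other"                         # SERVFAIL, REFUSED, empty NOERROR, ...

def probe(resolver, timeout=3.0):
    """Query `resolver` over UDP for a random name and classify the reply."""
    qid = secrets.randbits(16)
    name = secrets.token_hex(12) + ".com"  # assumption: this random name is unregistered
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return classify(data, qid)

def sample_response(qid, rcode, answers):
    """Constructed reply (header, question, one A record per answer) for offline use."""
    question = build_query("typeitwrong.com", qid)[12:]
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, len(answers), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + socket.inet_aton(a)
                   for a in answers)
    return header + question + rrs

if __name__ == "__main__":
    # Constructed replies mirroring the two nslookup results in the post.
    print(classify(sample_response(7, 3, []), 7))
    print(classify(sample_response(7, 0, ["67.215.65.132"]), 7))
```

Calling `probe("8.8.8.8")` or `probe("208.67.222.222")` runs the same comparison against a live resolver; scripts that depend on negative answers can run it at startup and refuse to continue on `"rewritten"`.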

Mockapetris, P. (1987, November). Domain names – Implementation and specification. Retrieved January 7, 2014, from tools.ietf.org/html/rfc1035

Vixie, P. (2009). What DNS is not. Communications of the ACM, 52(12), 43-47. doi:10.1145/1610252.1610269





Vi/Vim

31 12 2013

Vi/Vim is a program that I use almost daily. Even with that, I learned a LOT from this article I found.

 

http://www.terminally-incoherent.com/blog/2012/03/21/why-vim/

 





More of a question of what to use for the creation of my coming dissertation

21 11 2013

I have always struggled using Microsoft Word when writing longer research material. Trying to use Word to do so means that I have to use other tools for outlining, brainstorming, etcetera, so I decided to look outwards to see what is there. I have found some unique programs like Scrivener from Literature and Latte (http://www.literatureandlatte.com) and also some other programs that seem to have had their start on the Mac platform. I have always wanted to be one of the ‘cool’ kids with the MacBook Pros running multiple OSes, and I guess during this doctoral program I am going to have to break down and purchase one. Anyone else have any good ideas for software to use in the writing of a dissertation?





Giant Arrows

18 11 2013

Giant Arrows

This is just a share, but how many of you know about this? I love history and this is a very big part of it. 





AIX (Unix) DNS caching

16 11 2013

Yes, UNIX is capable of caching DNS records. I had a discussion with a Unix developer the other day who stated that Unix did not cache DNS entries and that it queried the name servers every time. I quickly remembered my coworker pointing out something that he found about AIX and caching of DNS entries. Here is the link: https://www.ibm.com/developerworks/community/blogs/cgaix/entry/aix_6_1_resolv_conf_and_netcd?lang=en





Smile and silen…

16 11 2013

Smile and silence are two powerful tools. Smile is the way to solve many problems and silence is the way to avoid many problems.





Wisdom is the p…

14 11 2013

Wisdom is the principal thing; therefore get wisdom: and with all thy getting get understanding. Proverbs 4:7

My father-in-law stated that I am the only person he knows that is able to move vertically like I have in my profession even during the economic downturn that we are going through. I attribute it to one thing, and one thing only. My faith in my Savior Jesus Christ is what leads me daily. Without him, I would be nothing.