Researchers disclose vulnerability in DNS resolver software

Researchers at SIDN Labs (the registry for the .nl country-code top level domain (ccTLD)), InternetNZ (the registry for .nz), the Information Science Institute, and the University of Southern California have disclosed a vulnerability in domain name system (DNS) resolver software. Named tsuNAME, the vulnerability can be weaponised to carry out distributed denial of service (DDoS) attacks against authoritative DNS servers. A tsuNAME-related event was observed in 2020 at the .nz authoritative servers, where two domains were misconfigured with cyclic dependencies, causing the total traffic to grow by 50%. It was also found that EU-based ccTLDs experienced a ten times traffic growth due to cyclic dependent misconfigurations. The vulnerability was initially disclosed to vendors and operators, before being made public; in the meantime, Google Public DNS and Cisco OpenDNS – two major public resolver DNS providers – have fixed the vulnerability in their software. More details about tsuNAME are available in the technical report and the security advisory for operators and developers of DNS software.