DNS cache snooping

  • The remote DNS server is vulnerable to DNS cache snooping attacks. DNS cache snooping is the process of determining whether a given Resource Record (RR) is (or not) present on a given DNS cache.
    The most effective way to snoop a DNS cache is using iterative queries. One asks the cache for a given resource record of any type (A, MX, CNAME, PTR, etc.) setting the RD (recursion desired) bit in the query to zero. If the response is cached the response will be valid, else the cache will reply with information of another server that can better answer our query, or most commonly, send back the root.hints file contents.
    This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. Publicly available DNS servers should only response to queries regarding hosts to which they are authoritative.
  • Check references for detailed information about fixing this vulnerability.