The remote DNS server allows queries for third-party names. Publicly available DNS servers should only response to queries regarding hosts to which they are authoritative. A recursive DNS server processes a domain name request on a domain name for which it is not authoritative (or has not already cached) by querying the root name servers for the IP address of the requested domain name. The root name server will then delegate the query to the appropriate top level domain (TLD) server (.com, .org, .net, etc.), which in turn delegates to the authoritative nameserver for the domain in question. A non-recursive server only provides the information it has available locally.
A malicious attacker may sends several thousand spoofed requests to a DNS server that allows recursion. The DNS server processes these requests as valid and then returns the DNS replies to the spoofed recipient (i.e., the victim). When the number of requests is in the thousands, the attacker could potentially generate a multi-gigabit flood of DNS replies. This is known as an amplifier attack because this method takes advantage of misconfigured DNS servers to reflect the attack onto a target while amplifying the volume of packets.
- Check references for detailed information about fixing this vulnerability.