Boy, in just the last week, I’ve seen a number of notable developments in the world of DNS. You’d think that, after 25+ years, activity would die down a little!
First, OpenDNS and Google Public DNS announced that they’re going to start trials of the extension described in draft-vandergaast-edns-client-subnet-00. Basically, that Internet Draft proposes a new EDNS0 option that would allow a recursive name server to include the IP address of the original stub resolver in the queries it sends to authoritative name servers. While at first blush that may not make sense – why would an authoritative name server care what the original querier’s IP address was? – recall that “authoritative name servers” are in many cases fancy global server load balancers run by content delivery networks, and that they want to decide where to direct you based on whereabouts on the Internet you live. Until now, if you used big recursive name servers in the sky such as OpenDNS or Google Public DNS, you’d always look to a CDN like you were coming from whichever anycast instance you’d happened to be directed to. Now you can actually get a response that’s meant for you.
There’s a little bit of controversy over this because the trials are using an EDNS0 “code point” that isn’t officially allocated for this purpose. There is no such code point yet, because to get one the folks behind the proposal need to have their Internet Draft advanced to an RFC. You can’t blame the authors for wanting to get their trial going, but we can’t just be grabbing any old code points we want, can we? That way lies madness.
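To make the draft concrete, here is an added example (mine, not code from the draft, OpenDNS or Google) that builds and parses the edns-client-subnet option and the OPT pseudo-RR that carries it. The wire layout assumed is FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH, truncated ADDRESS, as the option was later standardized in RFC 7871 with option code 8; because the trial used an unallocated code point, the code number is a parameter. The prefix-length truncation is the part a privacy-minded operator cares about: a recursive server should send only as many address bits as the CDN needs, not the stub resolver's full address.

```python
import ipaddress
import struct

# Code 8 was assigned to edns-client-subnet later (RFC 7871); the trial
# described above used an unallocated code point, so this is only a default.
ECS_OPTION_CODE = 8


def encode_client_subnet(client_ip, source_prefix, option_code=ECS_OPTION_CODE):
    """Return one EDNS0 option: CODE(2) LEN(2) FAMILY(2) SRC(1) SCOPE(1) ADDR(n).

    Only the address bytes needed to cover source_prefix bits are sent,
    with the remaining bits zeroed, so a /24 discloses 192.0.2.0, not the host.
    """
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2
    max_bits = addr.max_prefixlen
    if not 0 <= source_prefix <= max_bits:
        raise ValueError("prefix length out of range")
    network = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8
    addr_bytes = network.network_address.packed[:nbytes]
    data = struct.pack("!HBB", family, source_prefix, 0) + addr_bytes
    return struct.pack("!HH", option_code, len(data)) + data


def decode_client_subnet(option):
    """Parse the option back into (code, address, source_prefix, scope_prefix)."""
    code, length = struct.unpack("!HH", option[:4])
    data = option[4:4 + length]
    family, source, scope = struct.unpack("!HBB", data[:4])
    addr_bytes = data[4:]
    full = 4 if family == 1 else 16
    if len(addr_bytes) > full:
        raise ValueError("address longer than family allows")
    padded = addr_bytes + b"\x00" * (full - len(addr_bytes))
    return code, str(ipaddress.ip_address(padded)), source, scope


def build_opt_rr(options, udp_payload=4096):
    """Wrap options in an OPT pseudo-RR: NAME=root, TYPE=41, CLASS=UDP size, TTL=0."""
    return b"\x00" + struct.pack("!HHIH", 41, udp_payload, 0, len(options)) + options


if __name__ == "__main__":
    opt = encode_client_subnet("192.0.2.77", 24)  # constructed sample client
    print(opt.hex(), decode_client_subnet(opt))
    print(build_opt_rr(opt).hex())
```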
In other DNS news, a Sri Lankan branch of Anonymous claims to have hacked the name servers of Apple, Microsoft and Symantec. The press was a little vague about what actually happened, referring to it as a “DNS Cache Snoop Poisoning” attack, which sounds like a portmanteau of two very different DNS attacks to me. I found the group’s claims online and what they actually did seems innocuous: They tried reverse-mapping IP addresses in networks registered to the companies and, when they got results, they printed them. So the end result of their shenanigans appears to be a snippet of the old host table; for example:
17.254.3.35 guidejp2-n.apple.com
17.254.3.31 guide1-n.apple.com
17.254.3.26 rsis-ws01.apple.com
17.254.3.22 gcrmbzp11.apple.com
There’s no evidence that the companies’ name servers or the hosts identified were breached. As an AAPL shareholder, I’m not going to sweat this.