SAD DNS: after the “Reloaded” of DNS poisoning, the “Resurrection”

In November 2020, a new way to carry out DNS cache poisoning surfaced; the vulnerability is called SAD DNS and has its own dedicated site.

Like The Matrix, the first paper is entitled “DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels”, while today’s one is called “DNS Cache Poisoning Attack: Resurrections with Side Channels”. This new form of attack is therefore a variant of SAD DNS, which was itself based on the DNS cache poisoning attack (fixed in 2008). Some of the same researchers appear in both publications, as reported by The Hacker News.

According to them, this vulnerability “affects not only Linux, but also a wide range of DNS software running on it, including BIND, Unbound and dnsmasq”. Still according to the researchers, “approximately 38% of open resolvers” would be vulnerable, “including popular DNS services such as OpenDNS and Quad9”.

The team says it has, as expected, notified upstream, and that patches have already been deployed on Linux, both for IPv4 and IPv6.
