A new Cyberattack type relying on the DNS has recently been discovered by researchers from Tsinghua University in China.
Before talking about this new type of attack, let’s review the distinction between the two types of Nameservers:
- Authoritative Nameservers: their role is to be the Authority, to know about the DNS records on a given domain name, a given zone (eg: iptwins.com) in order to answer queries from Resolvers Nameservers. The IP Twins Nameservers, visible on WHOIS records, are authoritative Nameservers.
- Resolver Nameservers: they send queries to authoritative Nameservers in order to obtain an information (eg: where does iptwins.com points to) on behalf of an end-user. Resolvers Nameservers are either public (Google, Cloudflare…), managed by Internet Service Providers (ISP) or companies.
The “DNSBomb” attack targets Resolvers Nameservers. It exploits DNS system features to generate Pulsating Denial-of-service, or PDoS: the attacker cumulates DNS queries sent at a low rate, amplifies these queries in order to obtain large-sized responses, and concentrate these responses on a short, high-volume burst in order to saturate the targeted system. Once the peak has been reached, the attack resumes with the first “cumulation” step (hence, the “pulsating” part).
Source it-connect.fr
Source : radware.com
This attack has been subject to several CVE (Common Vulnerabilities and Exposures) publications, notably the CVE-2024-33655.
IP Twins Nameservers, in light of the above, are not directly concerned by this CVE. However, it is important to keep up to date of this any news related to DNS security. It is all the more true in the context of the future application of the NIS2 directive, mentioned in this article.
IP Twins can help you manage your DNS zones securely and efficiently using a robust DNS architecture and its Domainarium platform, both of which are included in the scope of our ISO 27001 certification.
