Corrupt DNS Packets

The DNS protocol specifies data sizes for queries and replies. Some DNS implementations do not properly check data boundaries. A packet may claim to have more data than it actually contains or may not contain enough data. These can result in buffer overflows and underflows.

Similarly, the DNS data fields can contain codes for jumping within the packet. This shorthand permits repeated domain names to be reused rather than duplicated in the packet. A malformed jump can result in an overflow or an infinite processing loop (when the jump leads to itself).

Although most of today's DNS hosts are not vulnerable to these exploits, new network devices are released often. Many new devices rely on DNS for name lookups but implement their own version of the protocol rather than porting a vetted DNS library. These unique implementations are commonly vulnerable to malformed DNS packets.
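
The checks a name decoder needs against both problems described above (length fields that exceed the packet, and jump codes that loop) are shown here as an added example, not code from the original text or from any particular DNS library. The function name `dns_read_name`, the sample packets, and the rule that every jump must land strictly before the previous starting point are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample packets: 12 zero header bytes, then name data. */
static const uint8_t ok_pkt[] = {0,0,0,0,0,0,0,0,0,0,0,0,
    7,'e','x','a','m','p','l','e',3,'c','o','m',0,   /* offset 12 */
    3,'w','w','w',0xC0,12};                          /* offset 25, jump to 12 */
static const uint8_t loop_pkt[] = {0,0,0,0,0,0,0,0,0,0,0,0, 0xC0,12};
static const uint8_t short_pkt[] = {0,0,0,0,0,0,0,0,0,0,0,0, 63,'a','b'};

/* Decode the name at `off` into dotted text. Returns its length, or -1 if malformed. */
int dns_read_name(const uint8_t *pkt, size_t pkt_len, size_t off,
                  char *out, size_t out_cap)
{
    size_t out_len = 0;
    size_t limit = off;            /* a jump must land strictly before this */

    if (out_cap == 0) return -1;
    for (;;) {
        if (off >= pkt_len) return -1;              /* ran off the packet */
        uint8_t len = pkt[off];
        if ((len & 0xC0) == 0xC0) {                 /* 2-byte jump code */
            if (pkt_len - off < 2) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | pkt[off + 1];
            if (target >= limit) return -1;         /* self or forward jump */
            limit = off = target;                   /* limit only shrinks: no loop */
            continue;
        }
        if (len & 0xC0) return -1;                  /* reserved label type */
        if (len == 0) break;                        /* root label ends the name */
        if (len > pkt_len - off - 1) return -1;     /* claims more than is present */
        if (out_len + len + 2 > out_cap) return -1; /* label + '.' + NUL must fit */
        memcpy(out + out_len, pkt + off + 1, len);
        out_len += len;
        out[out_len++] = '.';
        off += (size_t)len + 1;
    }
    out[out_len] = '\0';
    return (int)out_len;
}

int main(void)
{
    char name[256];
    printf("%d\n", dns_read_name(ok_pkt, sizeof ok_pkt, 25, name, sizeof name));
    printf("%s\n", name);
    printf("%d\n", dns_read_name(loop_pkt, sizeof loop_pkt, 12, name, sizeof name));
    printf("%d\n", dns_read_name(short_pkt, sizeof short_pkt, 12, name, sizeof name));
    return 0;
}
```

Because `limit` strictly decreases on every jump and every label is checked against the bytes actually remaining, the decoder terminates on any input and never reads or writes outside its buffers.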
