
Domain Keys Overloading

SPF is not the only protocol to overload existing DNS fields. Another anti-spam solution, Yahoo! Domain Keys (DK), uses two levels of overloading. First, DK defines a reserved hostname, _domainkey; for example, Yahoo! uses _domainkey.yahoo.com. Second, the TXT record associated with this reserved hostname carries DK authentication policy information rather than free-form descriptive text.

$ host -t txt _domainkey.yahoo.com
_domainkey.yahoo.com descriptive text "t=y\; o=~\;
n=http://antispam.yahoo.com/domainkeys"
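The record above is a DK sender policy: a semicolon-separated list of tag=value pairs that `host` prints with escaped semicolons. The following parser is an added example (not code from the book or from Yahoo!) that recovers the TXT payload from a `host -t txt` output line and interprets the tags as defined in RFC 4870 section 3.6 (`t=y` testing mode, `o=-` all mail signed, `o=~` some mail signed, `n=` notes, `r=` reporting address). The sample input line is constructed to match the output shown above.

```python
"""Parse a Yahoo! DomainKeys (DK) sender policy record published in the TXT
record of the reserved _domainkey hostname (added example; not the book's code)."""
import re

# Constructed sample: one line of `host -t txt` output. `host` prints the
# semicolons inside the TXT string escaped as "\;".
SAMPLE_HOST_OUTPUT = (
    '_domainkey.yahoo.com descriptive text '
    '"t=y\\; o=~\\; n=http://antispam.yahoo.com/domainkeys"'
)


def extract_txt(host_line):
    """Return the quoted TXT payload from a `host -t txt` output line,
    with the backslash-escaped semicolons restored."""
    m = re.search(r'descriptive text "(.*)"\s*$', host_line)
    if not m:
        raise ValueError("not a TXT line from `host -t txt`: %r" % host_line)
    return m.group(1).replace('\\;', ';')


def parse_dk_policy(txt):
    """Split a DK policy string ("t=y; o=~; n=...") into a tag -> value dict.
    Each pair is split on the first '=' only, so values may contain '='."""
    tags = {}
    for part in txt.split(';'):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if '=' not in part:
            raise ValueError("malformed DK tag: %r" % part)
        key, value = part.split('=', 1)
        tags[key.strip()] = value.strip()
    return tags


def describe_policy(tags):
    """Interpret the policy tags per RFC 4870 section 3.6. A domain whose
    record lacks 'o' defaults to '~' (some mail signed), which is the weaker
    posture: unsigned mail claiming the domain is not rejected on that basis."""
    outbound = tags.get("o", "~")
    return {
        "testing": tags.get("t") == "y",          # verifiers should not reject on failure
        "all_mail_signed": outbound == "-",       # only '-' lets unsigned mail be refused
        "notes": tags.get("n"),                   # human-readable, informational only
        "report_address": tags.get("r"),          # where verifiers may report failures
    }


if __name__ == "__main__":
    policy = parse_dk_policy(extract_txt(SAMPLE_HOST_OUTPUT))
    print(policy)
    print(describe_policy(policy))
```

Two practical checks fall out of the interpretation: a record in testing mode (`t=y`) asks verifiers not to act on failures, and only `o=-` states that every message from the domain is signed, so a verifier can treat unsigned mail as a policy violation only when that tag is present.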

OzymanDNS Overloading

At the 2004 Black Hat Briefings security conference, Dan Kaminsky demonstrated a set of tools called OzymanDNS. The Aska and Geta tools in OzymanDNS overload A, TXT, and CNAME fields with data. Using these tools, entire files can be distributed and stored on DNS servers. Kaminsky's presentation at Black Hat included playing an audio file that he had distributed across a few thousand DNS servers. Each server held a few bytes of data.

Custom DNS

The functionality in BIND (and other common DNS servers) is well defined: the same DNS query returns the same DNS results. However, the implementation is independent of the protocol, and custom DNS servers do not need to return the same information each time; a custom server could return different answers based on the request source or the time of day. For example, an administrator could configure a custom server to return real-time network and host status in TXT fields. By the same mechanism, a covert channel could easily hide information within a DNS response.
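Both the OzymanDNS file distribution described above and a covert channel through a custom server leave the same trace on the wire: query names whose leftmost label is payload rather than a hostname, many distinct names under one parent domain, and a preference for TXT. The script below is an added example (not the book's code and unrelated to Kaminsky's tools) that runs two such heuristics over constructed BIND 9-style query-log lines. The thresholds (`LONG_LABEL`, `HIGH_ENTROPY`, `MANY_NAMES`) and the "parent domain is the last two labels" rule are simplifying assumptions for the example; a real deployment would tune them and use a public-suffix list.

```python
"""Flag DNS queries whose names look like chunked payload rather than hostnames
(added example, not the book's code). Sample log lines are constructed."""
import math
import re
from collections import defaultdict

# Constructed BIND 9-style query-log lines (not real traffic). The 192.0.2.77
# client asks for three 40-character hex labels under one parent domain.
SAMPLE_LOG = """\
client 192.0.2.10#53412: query: www.example.com IN A +
client 192.0.2.10#53412: query: _domainkey.yahoo.com IN TXT +
client 192.0.2.77#40001: query: 0123456789abcdef0123456789abcdef01234567.tunnel.example.net IN TXT +
client 192.0.2.77#40002: query: fedcba9876543210fedcba9876543210fedcba98.tunnel.example.net IN TXT +
client 192.0.2.77#40003: query: 00112233445566778899aabbccddeeff00112233.tunnel.example.net IN TXT +
client 192.0.2.10#53413: query: mail.example.com IN MX +
"""

LOG_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+:\s+query:\s+(?P<name>\S+)\s+IN\s+(?P<qtype>\S+)"
)

LONG_LABEL = 30     # assumed threshold: hostnames rarely have labels this long
HIGH_ENTROPY = 3.0  # assumed threshold in bits/char; hex or base32 chunks score high
MANY_NAMES = 3      # assumed threshold: distinct names one client asks under one parent


def shannon_entropy(s):
    """Bits per character of the label; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Return (client, name, qtype) from one log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("name").rstrip(".").lower(), m.group("qtype").upper()


def parent_domain(name):
    """Simplification for the example: the last two labels are the parent domain."""
    return ".".join(name.split(".")[-2:])


def analyze(log_text):
    """Return a list of (client, name_or_parent, qtype, reason) findings."""
    findings = []
    names_per_parent = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, name, qtype = rec
        first_label = name.split(".")[0]
        # Heuristic 1: a long, high-entropy leftmost label is data, not a hostname.
        if len(first_label) >= LONG_LABEL and shannon_entropy(first_label) >= HIGH_ENTROPY:
            findings.append((client, name, qtype, "long high-entropy label"))
        names_per_parent[(client, parent_domain(name))].add(name)
    # Heuristic 2: one client walking many unique names under one parent
    # matches file chunks being fetched or stored one record at a time.
    for (client, parent), names in names_per_parent.items():
        if len(names) >= MANY_NAMES:
            findings.append((client, parent, "*", "%d distinct names under one parent" % len(names)))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Ordinary TXT lookups such as the `_domainkey` query pass both heuristics, which is the point: the record type alone is not the signal, the shape and volume of the names are.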
