[dns-operations] Where to find "DNS resolution path corruption"?

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Feb 19 08:16:15 UTC 2008

On Mon, Feb 18, 2008 at 09:40:40PM -0600,
 John Kristoff <jtk at ultradns.net> wrote 
 a message of 12 lines which said:

>   <http://www.citi.umich.edu/u/provos/papers/ndss08_dns.pdf>

Thanks, I was not aware that it was public (none of the many Web pages
discussing this article provides a link).

The survey of ORNS is very interesting and you learn a lot of things
about their number and their characteristics (for instance that Turkey
has the lowest percentage of lying ORNS).

The sensationalist articles ("DNS Inventor Warns of Next Big Threat")
typically mentioned mostly a small part of the paper, the fact that
some malware modifies DNS settings to use an ORNS instead of the
expected resolver.

This, IMHO, is not a DNS problem at all. If some malware can change
the MS-Windows registry to update the "NameServer" variable, it can
change anything and produce many other problems. The paper mentions
DNSSEC as a possible solution, which seems strange because the malware
could as well set "UseDNSSEC" to 0.

To summarize: not a DNS problem at all. Purely a Windows security issue.
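
A defender-side check for the resolver tampering discussed in this message, as an added example that is not part of the original post: it parses `reg query ... /s` output for the Tcpip interface keys and reports any NameServer or DhcpNameServer entry outside an allowlist. The sample output, the addresses and the function name `audit_resolvers` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: `reg query ...\Tcpip\Parameters\Interfaces /s` output
# from a hypothetical host. GUIDs and addresses are made up for the example.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-aaaa-4bbb-8ccc-000000000001}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    10.0.0.53 10.0.0.54

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-aaaa-4bbb-8ccc-000000000002}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ    203.0.113.66,10.0.0.53
    DhcpNameServer    REG_SZ    10.0.0.53
"""

VALUE_RE = re.compile(r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ\s*(.*)$")

def audit_resolvers(reg_output, allowed):
    """Return (interface, value_name, address) for every resolver not allowed."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings, iface = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            iface = line.rsplit("\\", 1)[-1]   # interface GUID subkey
            continue
        m = VALUE_RE.match(line)
        if not m or iface is None:
            continue
        name, data = m.groups()
        # The value holds a space- or comma-separated list of addresses.
        for token in re.split(r"[,\s]+", data.strip()):
            if not token:
                continue                        # empty value: nothing set
            try:
                ok = ipaddress.ip_address(token) in allowed_ips
            except ValueError:
                ok = False                      # unparsable entry: report it
            if not ok:
                findings.append((iface, name, token))
    return findings

if __name__ == "__main__":
    for finding in audit_resolvers(SAMPLE, ["10.0.0.53", "10.0.0.54"]):
        print("unexpected resolver:", *finding)
```

A statically set NameServer takes precedence over the DHCP-supplied one, so a finding under NameServer on a DHCP-enabled interface deserves the first look.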

