Department of Computer Science, Institute for System Architecture, Chair of Computer Networks

Secure DNS / DNSsec

Jan Garbacz, Martin Eisfeld, Ralf Gebhardt, Yi Lu, Rami Mochaourab, Martin Knechtel

Dresden, May 8th, 2006
Outline
01 Motivation
02 DNSsec Mechanism
03 BIND
TU Dresden, 08.05.06, Secure DNS / DNSsec, Slide 2 of XYZ
01 Motivation: Outline
- Classic DNS
- Attacks on DNS
  - DNS Cache Poisoning
  - DNS spoofing
  - Man-in-the-Middle-Attack
  - Attacks on DNS-Server
  - Attacks on Clients
- Is DNSsec already used?
01 Motivation: Classic DNS
- DNS translates between domain names and IP addresses
- Quite old (more than 20 years)
- DNS does not have any built-in security
01 Motivation: Classic DNS (figure)
01 Motivation: Attacks on DNS: DNS Cache Poisoning
Aim: changing information in a DNS server to link the user to a compromised server
How it works: the user clicks a link to Z; the DNS server does not know Z, so it asks Z. Z answers and adds additional information, for example that XY is an alias for Z. If the user later surfs to XY, the DNS server sends him the IP of Z.
Problem: elementary errors in DNS
01 Motivation: Attacks on DNS: DNS Cache Poisoning (figure)
01 Motivation: Attacks on DNS: DNS spoofing
Aim: changing information in a DNS server to link the user to a compromised server
How it works: Z asks A for himself; A knows his IP and sends it back, and the answer includes a QueryID! Z then asks A for XY; A does not know XY and asks B. In this time Z sends the wrong answer. If the QueryID is correct, A will accept it and the cache of A is poisoned: all requests to A for XY will be linked to Z.
Problem: no authentication, simple guessing of the QueryID
01 Motivation: Attacks on DNS: DNS spoofing (figure)
01 Motivation: Attacks on DNS
Man-in-the-Middle-Attack: changing DNS packets which are passing by, for example through an attacked router
Attacks on DNS-Server: getting access to weak servers and manipulating the database
Attacks on Clients: the attacker sends modified replies to spoofed requests while the server sends the correct reply; the client accepts the first reply.
Attacks on Clients
It's easy for the hacker to snoop a UDP DNS query sent to a well-known server on a well-known port.
The one who sends its response first is the winner!!!
(Figure labels: PC2; "www.pc1.tu-dresden.de?"; "www.pc1.tu-dresden.de 141.30.211.3"; "www.pc1.tu-dresden.de 128.9.128.127"; Hacker; Local DNS Server; Root Server; tu-dresden.de Server; pc1.tu-dresden.de Server, IP for example 141.30.211.3)
01 Motivation: Is DNSsec already used?
In October 2005 Sweden (.SE) enabled DNSSEC in their zone. This makes .se the first ccTLD to deploy DNSSEC. At the same time RIPE NCC (ripe.net) is in the process of deploying DNSSEC in the reverse zones.
RIPE: Réseaux IP Européens
RIPE NCC: RIPE Network Coordination Center
ccTLD: country code Top Level Domain
02 DNSsec Mechanism
1. New Resource Records
2. Setting up a Secure Zone (Zone Signing)
3. Authentication
02 DNSsec Mechanism: New Resource Records
DNSKEY (DNS Public Key): public key, needed for verifying an RRSIG
RRSIG (Resource Record Signature): signature over an RRset, made using the private key
NSEC (Next Secure): indicates which name is the next one in the zone and which type codes are available for the current name
DS (Delegation Signer): pointer for building chains of authentication
02 DNSsec Mechanism: Setting up a Secure Zone (Zone Signing)
1. Generate keypair (public/private key)
2. Sign the zone
   - Insert NSEC Records
   - Insert RRSIG Records
   - Insert DS Records
3. Distribute the Public Key (DNSKEY)
Source: www.ripe.net/disi/dnssec_howto/
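The "Insert NSEC Records" step, as an added example that is not code from the slides or from the RIPE how-to: it builds the NSEC chain of a small constructed zone in RFC 4034 canonical order and shows the two checks a validating resolver makes with it (a name does not exist, or a type does not exist at a name). The zone contents, names and types are constructed for illustration.

```python
# Added example (not from the slides): NSEC chain construction and authenticated
# denial of existence, following RFC 4034 Section 4 (NSEC) and Section 6.1
# (canonical name ordering). The sample zone below is constructed.

def canonical_key(name):
    """Sort key for canonical DNS order: labels compared right to left,
    case-insensitively and byte-wise; a name sorts before its own subdomains."""
    labels = name.rstrip(".").lower().split(".")
    return [label.encode("ascii") for label in reversed(labels)]

def build_nsec_chain(zone):
    """zone maps owner name -> set of RR types present at that name.
    Returns owner -> (next owner, type bitmap). The last name points back
    to the apex so the chain is closed; signing adds RRSIG and NSEC types."""
    names = sorted(zone, key=canonical_key)
    chain = {}
    for i, owner in enumerate(names):
        nxt = names[(i + 1) % len(names)]
        chain[owner] = (nxt, zone[owner] | {"RRSIG", "NSEC"})
    return chain

def nsec_covers(owner, nxt, qname):
    """True if the NSEC record owner -> nxt proves that qname does not exist:
    owner < qname < nxt, or qname lies beyond the last name when the chain wraps."""
    o, n, q = canonical_key(owner), canonical_key(nxt), canonical_key(qname)
    if o < n:
        return o < q < n
    return q > o or q < n          # wrap-around record (last name -> apex)

def name_denied(chain, qname):
    """Validator view of NXDOMAIN: some NSEC covers qname and none is owned by it."""
    if qname in chain:
        return False
    return any(nsec_covers(o, nxt, qname) for o, (nxt, _) in chain.items())

def type_denied(chain, qname, qtype):
    """Validator view of NODATA: the name exists but its type bitmap lacks qtype."""
    return qname in chain and qtype not in chain[qname][1]

# Constructed sample zone (not a real zone); note that dev.www.example.net.
# sorts after www.example.net. in canonical order, not before example.net.
ZONE = {
    "example.net.": {"SOA", "NS", "DNSKEY"},
    "mail.example.net.": {"A", "MX"},
    "ns1.example.net.": {"A"},
    "www.example.net.": {"A", "AAAA"},
    "dev.www.example.net.": {"A"},
}
CHAIN = build_nsec_chain(ZONE)
```

Printing CHAIN shows the NSEC records a signer would add; a plain string sort would have placed dev.www.example.net. first, which is why the canonical order matters for the chain to be complete.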
02 DNSsec Mechanism: Authentication
The Public Key can verify the authenticity of signatures and so check both the integrity and the authenticity of the data.
Source: www.ripe.net/disi/dnssec_howto/
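The chain of authentication behind this slide (the DS record in the parent zone pointing at a DNSKEY in the child, both introduced on the New Resource Records slide), as an added example that is not part of the slides: it computes a DNSKEY key tag and a SHA-1 DS record as defined in RFC 4034 and performs the check a validator makes before trusting the child's key. The key bytes, owner name and flags are constructed placeholders, not a real key.

```python
# Added example (not from the slides): the DNSKEY key tag (RFC 4034 Appendix B)
# and the DS record a parent publishes (RFC 4034 Section 5.1.4), plus the check a
# validator makes to link a parent's DS to a child's DNSKEY. Key bytes are constructed.
import hashlib
import struct

def name_to_wire(name):
    """Canonical wire form of an owner name: lower-case, length-prefixed labels, root."""
    wire = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").lower().split(".") if l)
    return wire + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: 16-bit flags (257 = KSK), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA; this is the id in RRSIG and DS records and in
    the K<name>+<alg>+<id> file names written by dnssec-keygen."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_digest(owner, rdata):
    """DS digest type 1 (SHA-1) = SHA-1(canonical owner name || DNSKEY RDATA)."""
    return hashlib.sha1(name_to_wire(owner) + rdata).hexdigest().upper()

def ds_record(owner, rdata):
    """Presentation form of the DS RR the parent zone publishes for this key."""
    return f"{owner} IN DS {key_tag(rdata)} {rdata[3]} 1 {ds_digest(owner, rdata)}"

def ds_matches_dnskey(owner, ds_tag, ds_alg, ds_hex, rdata):
    """Chain-of-authentication step: the DS in the parent must point at a DNSKEY
    actually published in the child zone (tag, algorithm and digest all agree)."""
    return (ds_tag == key_tag(rdata) and ds_alg == rdata[3]
            and ds_hex.upper() == ds_digest(owner, rdata))

# Constructed key: flags 257 (KSK), protocol 3, algorithm 5 (RSASHA1); the
# public key bytes are a placeholder, not a real RSA key.
KSK_RDATA = dnskey_rdata(257, 3, 5, bytes.fromhex("030100010bad"))
EXAMPLE_DS = ds_record("example.net.", KSK_RDATA)

def chain_links(owner, ds_line, rdata):
    """Parse a DS presentation line and check it against a DNSKEY RDATA."""
    _, _, _, tag, alg, dtype, digest = ds_line.split()
    return dtype == "1" and ds_matches_dnskey(owner, int(tag), int(alg), digest, rdata)
```

A DS line that fails chain_links means the parent's pointer and the child's published key disagree, which is exactly the case in which a validating resolver must not treat the child zone as secure.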
03 BIND: Outline
- Introduction
- Securing DNS data
- Securing communication between Servers
- Configuring a recursive name server to verify answers
- /etc/named.conf
- Key Generation
- Signing Zones
03 BIND: Introduction
BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System, including:
- a Domain Name System server (named)
- a Domain Name System resolver library
- tools for verifying the proper operation of the DNS server
The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built.
The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.
03 BIND: Securing DNS data
1. Configuring a recursive name server to verify answers
2. Securing a DNS zone
3. Delegating signing authority; becoming globally secure
4. Rolling keys
Securing communication between Servers
5. Securing zone transfers
03 BIND: Configuring a recursive name server to verify answers (figure)
03 BIND: /etc/named.conf

$ dig @10.0.53.204 example.net SOA +retry=1 +dnssec +multiline

; <<>> DiG 9.3.0beta3 <<>> @10.0.53.204 example.net SOA +retry=1 +dnssec +multiline
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50414
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;example.net.            IN SOA

;; ANSWER SECTION:
example.net.             100 IN SOA ns.registry.tld. olaf.ripe.net. (
                                2002050501 ; serial
                                100        ; refresh (1 minute 40 seconds)
                                200        ; retry (3 minutes 20 seconds)
                                604800     ; expire (1 week)
                                100        ; minimum (1 minute 40 seconds)
                                )
example.net.             100 IN RRSIG SOA 5 2 100 20040528103254 (
                                20040428103254 14804 example.net.
                                GMdIREMWV+LMuoDZvoVKyUobeEdeXTqzdV0MAUB9VSf7
                                gt+doba2tmysmg9onvujcbkbrzvlq56csgggqmeet8/q
                                8auCpFYiXiFri+9LitVKK+n3UvBIb6AL+/acyhUmUzbq
                                5mF1nuWUDiuIuv/fXFGIeS9V/6P7+ufXWqedhVY= )

;; ADDITIONAL SECTION:
example.net.             100 IN DNSKEY 257 3 5 ( / / )

;; Query time: 783 msec
;; SERVER: 10.0.53.204#53(10.0.53.204)
;; WHEN: Wed May 12 11:41:06 2004
;; MSG SIZE  rcvd: 890

Note the ad (authentic data) flag in the header, which the validating recursive server sets once it has verified the answer, and the do flag in the EDNS section, which asked for the DNSSEC records (RRSIG, DNSKEY) to be included.
03 BIND: Key Generation

Usage: dnssec-keygen -a alg -b bits -n type [options] name
Version: 9.3.0
Required options:
    -a algorithm: RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5
    -b key size, in bits:
        RSAMD5:   [512..4096]
        RSASHA1:  [512..4096]
        DH:       [128..4096]
        DSA:      [512..1024] and divisible by 64
        HMAC-MD5: [1..512]
    -n nametype: ZONE | HOST | ENTITY | USER | OTHER
    name: owner of the key
Other options:
    -c <class> (default: IN)
    -e use large exponent (RSAMD5/RSASHA1 only)
    -f keyflag: KSK
    -g <generator> use specified generator (DH only)
    -t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)
    -p <protocol>: default: 3 [dnssec]
    -s <strength> strength value this key signs DNS records with (default: 0)
    -r <randomdev>: a file containing random data
    -v <verbose level>
    -k : generate a TYPE=KEY key
Output:
    K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private
03 BIND: Signing Zones

Usage: dnssec-signzone [options] zonefile [keys]
Version: 9.3.0
Options: (default value in parenthesis)
    -c class (IN)
    -d directory
        directory to find keyset files (.)
    -g: generate DS records from keyset files
    -s YYYYMMDDHHMMSS|+offset:
        RRSIG start time - absolute|offset (now - 1 hour)
    -e YYYYMMDDHHMMSS|+offset|"now"+offset]:
        RRSIG end time - absolute|from start|from now (now + 30 days)
    -i interval:
        cycle interval - resign if < interval from end ( (end-start)/4 )
    -v debuglevel (0)
    -o origin:
        zone origin (name of zonefile)
    -f outfile:
        file the signed zone is written in (zonefile + .signed)
    -r randomdev:
        a file containing random data
    -a: verify generated signatures
    -p: use pseudorandom data (faster but less secure)
    -t: print statistics
    -n ncpus (number of cpus present)
    -k key_signing_key
    -l lookasidezone
    -z: ignore KSK flag in DNSKEYs
Signing Keys: (default: all zone keys that have private keys)
    keyfile (Kname+alg+tag)
04 Bibliography: RFCs
RFC 4033: DNS Security Introduction and Requirements
RFC 4034: Resource Records for the DNS Security Extensions
RFC 4035: Protocol Modifications for the DNS Security Extensions
04 Bibliography: URLs
http://www.ripe.net/training/dnssec/
http://www.ripe.net/training/dnssec/material/dnssec.pdf
http://www.ripe.net/disi/dnssec_howto
http://www.isc.org/index.pl?/sw/bind/
http://www.dnssec.net/dns-threats.php
A short history of DNSSEC: http://www.nlnetlabs.nl/dnssec/history.html
NIC-SE makes Internet safer using dnssec: http://sartryck.idg.se/art/nic-se_cs912005e.html
http://dnssec.nic.se/