Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure

XDAuth

摘要

Domain Name System (DNS) establishes clear responsibility boundaries among nameservers for managing DNS records via authoritative delegation. However, the rise of third-party public services has blurred this boundary. In this paper, we uncover a novel attack surface, named XDAuth, arising from public authoritative nameserver infrastructure’s failure to isolate data across zones adequately. This flaw enables adversaries to inject arbitrary resource records across logical authority boundaries and covertly hijack domain names without authority. Unlike prior research on stale NS records, which concentrated on domain names delegated to expired nameservers or those of hosting service providers, XDAuth targets enterprises that maintain their authoritative domain names. We demonstrate that XDAuth is entirely feasible, and through comprehensive measurements, we identify 12 vulnerable providers (e.g., Amazon Route 53, NSONE, and DigiCert DNS), affecting 125,124 domains of notable enterprises, including the World Bank, Disney, and the BBC. Moreover, we responsibly disclose the issue to the affected vendors. Some DNS providers and enterprises (e.g., Amazon Route 53 and Disney) have recognized the issue and are adopting mitigation measures based on our suggestions.

出版物
In Proceedings of 33rd {USENIX} Security Symposium, {USENIX} Security 2024, Philadelphia, PA, USA, August 14-16, 2024. (Acceptance rate: 417/2276=18.32%).
* Presented in OARC 43 by Yunyi Zhang

Presentation

  • Presented in OARC 43 by Yunyi Zhang
comments powered by Disqus
下一页
上一页

相关