DNS hole puts e-mail, directory services at risk

DNS vulnerabilities may cause havoc with directory services, e-mails and phishing attacks, expert says

A DNS server compromised by a hacker could be used to funnel Web surfers to all sorts of phishing attacks and malicious Web sites and even cause havoc with directory services and e-mail in some cases, according to the father of the technology, Paul Mockapetris.

"Once you control the DNS server, you have license to do phishing and farming attacks and mislead all the users of that DNS server," says Mockapetris, who in 1983 proposed the Domain Name System (DNS) architecture and is acknowledged, along with the late Jon Postel, as the technology's inventor.

The issue is a timely topic after Microsoft announced late Thursday that a vulnerability exists in its DNS server that could allow a hacker to take over the service.

Mockapetris says users with the Microsoft DNS server also should be concerned about Active Directory because the DNS holds start-up configuration data for the directory.

"I don't know the details of the Active Directory protocol, but there are obvious opportunities for mischief," he says, including denial-of-service attacks.

"E-mail is routed via DNS, so if you took over DNS you could misdirect e-mail. There is a lot of opportunity there," Mockapetris says.

The key is that DNS holds a trusted relationship with users because it is the node that directs them to Web sites based on the URLs that are typed into a browser's address bar or clicked on from a "Favourites" menu.

"The trust relationship is hierarchical. So what you get to do if you take over a DNS server is you get to confuse all of the clients that depend on that DNS server," Mockapetris says.

He says attacks to try and add bogus information to DNS servers or completely take them over have been around for quite some time. Microsoft's DNS vulnerability just opens up another avenue that is likely more of a danger to corporate users.

Large ISPs typically run their DNS servers on Unix or Linux running Bind, Nominum or other software and not on Microsoft DNS services, so consumers would likely not be those most at risk, says Mockapetris, who is now the chief scientist for Nominum.

Corporations, on the other hand, do use Microsoft DNS either internally on intranets or as a pipeline to the Web.

A hacker controlling a DNS server would have access to DNS logs to determine sites users go to, such as a bank, and they could alter DNS records to redirect users to a bogus site that looks like the bank and then record password and other sensitive data. Users also could be redirected to hacker Web sites that would install malicious code on end-user PCs.

"If you take over the box, you can tell users whatever you like in response to their DNS queries," says Mockapetris. "You can see where people want to go and decide the most effective way to attack those users based on their patterns."

The attacks can go on relatively unnoticed given the trust inherent in DNS and the fact that it works behind the scenes.

"If a DNS server misdirects a request, a sophisticated user might notice but the vast majority of users won't," he says.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Fontana

Network World
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?