T 5.154 DNS information leakage
The main function of DNS is to resolve names and IP addresses. To do so, DNS servers store, amongst other things, the assignment of names to IP addresses for all computers and network components. Part of this information must be published:
- DNS servers
- Web servers
- Mail servers
- File servers
- VPN connection points
If this domain information were not freely accessible to the public, it would not be possible to establish connections to these servers using domain names via the Internet. Domain information on internal computers and network components, however, is usually not intended for the public and should thus remain internal to the organisation. Since domain information in most cases says something about the function and/or location of the respective IT component, situations in which such internal information is published are referred to as DNS information leakage.
Publication itself does not constitute direct damage to the information system. However, the domain information obtained can be used to prepare for an attack on the information system. An attacker can gain an overview of the network, security-related components and worthwhile targets. The more information an attacker can collect on the target of an attack, the higher the chances that he/she will find a vulnerability.
Information can leak in several ways:
- If the visibility of the domain information is not restricted, all the domain information can be requested legitimately.
- If there are no restrictions regarding zone transfers (T 3.104 Incorrect configuration of a DNS server), all the domain information can be queried by means of a single query.
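An administrator can check their own externally served zone data for the first kind of leak. The following is an added example, not part of the catalogue: it scans the records of a public zone for entries that point at internal address ranges. The zone name `example.org.`, the sample records, the simplified one-record-per-line format and the list of ranges treated as internal are all assumptions made for the illustration.

```python
import ipaddress

# Ranges treated as "internal" here (assumption; add your own internal prefixes).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128")]                # IPv6 counterparts

# Constructed sample: the externally visible copy of a zone, one
# "name TTL IN TYPE rdata" record per line (no $ORIGIN/$TTL directives).
SAMPLE_PUBLIC_ZONE = """\
; example.org, external view (constructed data)
www        3600 IN A     203.0.113.10
mail       3600 IN A     203.0.113.25
@          3600 IN MX    10 mail.example.org.
vpn        3600 IN A     203.0.113.40
fileserv01 3600 IN A     10.20.0.15
hr-db      3600 IN A     192.168.7.22
build      3600 IN AAAA  fd12:3456:789a::5
intranet   3600 IN CNAME fileserv01.example.org.
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin):
    """Yield (owner, type, rdata fields) for each simple record line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments
        if "IN" in fields[1:-2]:                    # owner [ttl] IN type rdata
            i = fields.index("IN", 1)
            yield fqdn(fields[0], origin), fields[i + 1].upper(), fields[i + 2:]

def find_internal_leaks(zone_text, origin):
    """Return {owner: reason} for records that expose internal hosts."""
    records = list(parse_records(zone_text, origin))
    leaks = {}
    for name, rtype, rdata in records:              # pass 1: address records
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in INTERNAL_NETS):
                leaks[name] = f"{rtype} {addr} is an internal address"
    for name, rtype, rdata in records:              # pass 2: aliases to them
        if rtype == "CNAME" and fqdn(rdata[0], origin) in leaks:
            leaks.setdefault(name, f"CNAME to internal host {rdata[0]}")
    return leaks
```

Calling `find_internal_leaks(SAMPLE_PUBLIC_ZONE, "example.org.")` reports the four owner names that should only exist in an internal view of the zone; the published web, mail and VPN records are not flagged.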