DNS Enumeration Techniques and Characterizing DNS vulnerabilities

Abstract: The Domain Name System is a worldwide global service, considered to be the heart and soul of the internet, that is used for mapping IP addresses to a hostname and vice-versa. Despite the fact that DNS is recognized as a critical internet service, the security aspects concerning its adoption are still highly neglected. This thesis presents the foundations of DNS, investigates vulnerabilities, and enumeration techniques, which are used to locate all DNS servers and records of an organization. In particular, we investigated how attackers can enumerate DNS using an actual data set available for .se and .nu zone files. We analyze such data sets and map their corresponding vulnerabilities to common DNS attacks found in the literature. We show that available information can be exploited to perform security attacks on the DNS infrastructure.