CHECKING FOR DNS CACHE POISONING VULNERABILITY

 

 

(Document for Network Administrators)
 

 

 

To check if your DNS servers are affected by DNS Caching Poisoning Vulnerability or not, follow the following three steps:

 

 

 

 

 

 

 

 

 

 

 

1. Configure the DNS server which being checked (Important).
2. Use BkavDNSCheck.exe to check.
3. Apply patch if affected.

 

 

1. Configure the DNS server which being checked (Important).

 

 

You need configure the DNS Server Forwarders function on the DNS server which being checked, pointing the domain name BkavDNSCheck.vn to IP Address 203.162.1.239 (The server contains checking software).

 

 

This section helps you to configure on 2 popular DNS servers:

 

 

 

 

 

 

 

 

 

• Microsoft DNS Server
• BIND

 

 

1.1. Configure the server using Microsoft DNS Server

 

 

 

 

 

 

 

 

 

• Logon to DNS Server Administration Interface
• Right click on DNS Server, then select Properties

 

 

 

 

 

 

 

 

 

 

 

 

• Select Forwarders tab

 

 

 

 

 

 

 

 

 

 

 

 

• Press New, type BkavDnsCheck.vn into DNS domain box and press OK

 

 

 

 

 

 

 

 

 

 

 

 

• Type 203.162.1.239 into Selected domain’s forwarder IP address list

 

 

 

 

 

 

 

 

 

 

 

 

• Press Apply and OK

 

 

1.2. Configure the DNS Server using Bind

 

 

 

 

 

 

 

 

 

• Note: only apply this step if you used Bind software   
• Add this configuration into file /var/named

 

 

 

 

 

 

 

 

 

 

 

 

zone "bkavdnscheck.vn" IN {      type forward;      forwarders {203.162.1.239;};};

 

 

 

 

 

 

• Restart  DNS service

 

 

 

 

 

2. Use BkavDNSCheck.exe to check

 

 

 

 

 

 

Subdomain Exploit DNS Cache Poisoning checked scheme

 

2.1. Download the BkavDNSCheck.exe software

 

 

 

 

 

 

 

• Download BkavDNSCheck.exe at http://www.bkav.com.vn/DNSCheck/BkavDNSCheck.exe

 

 

2.2. Setup DNS server information on the machine running BkavDNSCheck.exe  

 

 

 

 

 

 

 

 

 

• On the client running BkavDNSCheck.exe, open the Internet Protocol (TCP/IP) Properties windows.
• Important: Change the IP address of Preferred DNS Server field to IP private address of the DNS server which being checked (see the image)

 

 

 

 

 

 

 

2.3. Running check

 

 

 

 

 

 

 

• Run BkavDnsCheck.exe

 

 

 

 

 

 

 

 

 

 

 

 

 

 

• Press Scan and wait (about 60 seconds)
• See the result in 3 cases:

 

 

Case #1: DNS Server is not affected by the DNS Cache Poisoning vulnerability. You do not have to do anything; your DNS server is safe.

 

 

 

 

 

 

 

 

Case #2: Your DNS Server is affected by the DNS Cache Poisoning vulnerability. You need apply patch following the 3^rd section.

 

 

 

 

 

 

 

3. Apply patch

 

 

After scanning by BkavDNSCheck tool, if your DNS server is vulnerable to cache poisoning, you need to update the patches, in order to prevent from DNS cache poisoning attacks

 

 

Following these steps: 

 

 

3.1. Specify the software:

 

 

 

 

 

 

 

• Specify the vender of the DNS server software used to resolve the address (Microsoft, Red Hat, …)

 

 

3.2. Apply patch matched your system