NCSC Cyber Security Advisory CSA-002-17

DNS server configuration may result in excessive resource use and potential malicious application

Summary

  • The NCSC notes that there are DNS servers currently configured to resolve arbitrary internet domains requested from external hosts. 
  • A DNS server configured in this manner may result in excessive resource use and may have potential malicious application.

Details

1. The NCSC has become aware of DNS servers currently configured to resolve internet domains when requested by external hosts. This appears to occur when a DNS server is configured to search for answers in attempt to resolve the requests.

2. The observed DNS servers either resolve these requests, or request upstream (e.g. Google DNS servers), and finally send the response back to the requester. A DNS server configured in this manner will likely result in excessive resource use, as well as have the potential for malicious application.

Recommendations

3. The NCSC recommends DNS servers are configured to allow recursive lookup from internal hosts and remote offices only.

4. The NCSC further recommends DNS servers are configured to only supply public domains hosted within their network to external hosts.

5. Further open source information can be found by searching for ‘open resolver’.