NSEC3 Resource Record

from Wikipedia, the free encyclopedia

NSEC3 resource records are resource records of the Domain Name System (DNS) with which certain attacks on secured DNS queries (DNSSEC) can be detected. Since 2008 they have offered, alongside NSEC resource records, an alternative way of proving that a given host name does not exist in the DNS. In contrast to NSEC, NSEC3 identifies the names of a DNS zone by hash values rather than by plain-text labels.

Background

By signing DNS entries with DNSSEC it can be verified that these entries have not been falsified and originate from the correct authoritative name servers. On its own, however, this does not make it possible to prove the non-existence of DNS entries. For example, if a client asks for the name test.example.org, an attacker can remove the relevant data from the server's response packet without the client noticing.

To prevent such attacks, all names of a zone are linked in alphabetical order into a ring using NSEC resource records, with the last entry pointing back to the first (see NSEC Resource Record). These NSEC records are signed with an RRSIG resource record. In its response packets, a DNS server supplies the NSEC entry that belongs to the queried name.

Semantically, an NSEC resource record assures the client that no other name exists between two given names. This property can be used to enumerate all names in a DNS zone by querying its NSEC resource records one after another (zone walking). In certain application scenarios this property of NSEC, and thus of DNSSEC, is undesirable.

In contrast to NSEC, NSEC3 uses hash values of the names instead of plain-text labels; the ordering relation is then defined on the set of computed hash values. An NSEC3 resource record therefore asserts that no hash value of any other name lies between two given hash values of names in the zone. The resolver can compute the hash value of the label it queried and establish that the next value in the chain is different, without learning which name that neighbouring hash value belongs to.

The hash function used and other parameters of the method such as a salt are stored in the NSEC3 resource record and are evaluated by the resolver. In addition, there is an NSEC3PARAM resource record for each zone, which stores these parameters for the authoritative name server.

Construction

An NSEC3 resource record consists of the following fields:

  • Hashed owner name: Base32-encoded hash value of a domain name (start of an NSEC3 interval)
  • TTL: time to live
  • Class: IN (Internet)
  • Type: NSEC3
  • Hash algorithm: hash function used (1: SHA-1)
  • Flags: use of the opt-out function (0: no opt-out; 1: opt-out)
  • Iterations: number of additional hash iterations
  • Salt: salt value used in hashing
  • Next hashed owner name: Base32-encoded hash value of a domain name (end of an NSEC3 interval)
  • List of types: the record types that exist at the owner name

Example

When the nonexistent domain name DiesisteinNSEC3Beispiel.de is queried, the .de name servers return the following three NSEC3 resource records:

pffaak97rt0cs40je4c2iho30cebf3it.de. 7200 IN NSEC3 1 1 15 CA12B74ADB90591A PFFBLDU4RR5BISB2JIOS36ABAJLQNQMS NS DS RRSIG

This record proves the non-existence of DiesisteinNSEC3Beispiel.de, since its hash value pffaollcec3ma3e5jl2b2gb7gc9dt3bd lies between the two hash values shown.

tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN NSEC3 1 1 15 CA12B74ADB90591A TJLG9BE83U1BLVBVCTP8RIQP60D6ATDP NS SOA RRSIG DNSKEY NSEC3PARAM

This record proves that the enclosing domain name de exists (hash value tjlb7qbojvmlf1s6gdriru7vsms1lg16). This proof is required so that the client knows under which domain name a possible wildcard record would have to be looked for.

nihitgish70cve28nu73a3segd6r1d4p.de. 7200 IN NSEC3 1 1 15 CA12B74ADB90591A NIHRI169E5SB3FJMDM1I3LTSNURVSITQ NS DS RRSIG

This record proves the non-existence of a wildcard record *.de, because its hash value nihkeqi54qck38bpfvggv7rq5jrrd2vp lies between the two hash values shown.
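The hash construction described under Construction and the interval checks carried out in the example above, as an added example that is not part of the Wikipedia article: the code computes NSEC3 hashes per RFC 5155 (SHA-1 over the canonical wire-format name plus salt, repeated for the given number of iterations, base32hex output) and decides for each of the three records whether it matches or covers a queried name. The 15 iterations, the salt CA12B74ADB90591A and the hashed owner names are taken from the records quoted above; everything else is constructed here.

```python
import base64
import hashlib

# RFC 5155 encodes hashed owner names in base32hex; the stdlib only offers standard base32, so translate.
B32_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
B32_HEX = "0123456789abcdefghijklmnopqrstuv"
TO_B32HEX = str.maketrans(B32_STD, B32_HEX)

def canonical_wire(name: str) -> bytes:
    """Canonical wire format: lowercase labels, each preceded by its length byte, root label last."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name: str, iterations: int, salt_hex: str) -> str:
    """SHA-1(owner || salt), then `iterations` further rounds of SHA-1(digest || salt);
    the 20-byte result is returned as 32 lowercase base32hex characters (no padding)."""
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(canonical_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode("ascii").translate(TO_B32HEX)

def matches(owner_hash: str, h: str) -> bool:
    """The record's hashed owner name equals h: that name exists (closest-encloser proof)."""
    return owner_hash.lower() == h.lower()

def covers(owner_hash: str, next_hash: str, h: str) -> bool:
    """h lies strictly between hashed owner name and next hashed owner name, so no name with
    hash h exists. The chain is a ring: the last record (next < owner) covers both ends."""
    owner_hash, next_hash, h = owner_hash.lower(), next_hash.lower(), h.lower()
    if owner_hash < next_hash:
        return owner_hash < h < next_hash
    return h > owner_hash or h < next_hash

if __name__ == "__main__":
    ITERATIONS, SALT = 15, "CA12B74ADB90591A"  # parameters from the article's records
    records = [("pffaak97rt0cs40je4c2iho30cebf3it", "PFFBLDU4RR5BISB2JIOS36ABAJLQNQMS"),
               ("tjlb7qbojvmlf1s6gdriru7vsms1lg16", "TJLG9BE83U1BLVBVCTP8RIQP60D6ATDP"),
               ("nihitgish70cve28nu73a3segd6r1d4p", "NIHRI169E5SB3FJMDM1I3LTSNURVSITQ")]
    for qname in ("DiesisteinNSEC3Beispiel.de", "de", "*.de"):
        h = nsec3_hash(qname, ITERATIONS, SALT)
        for owner, nxt in records:
            if matches(owner, h):
                print(f"{qname}: hash {h} is the owner of record {owner}, name exists")
            elif covers(owner, nxt, h):
                print(f"{qname}: hash {h} is covered by record {owner}, name does not exist")
```

Because base32hex preserves the numeric order of the digests, the interval test is a plain string comparison, which is exactly what a validating resolver does with the three records above.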

Attacks

NSEC3 makes zone walking more difficult, but the plain-text names of a zone can still be recovered partially or completely through cryptanalytic attacks. The attack consists of two phases:

  1. Hash crawling: First, the attacker obtains the complete chain of NSEC3 records of a DNS zone through repeated queries to the name servers. The attacker chooses the query names at random and sends only those queries for which a previously unknown NSEC3 record is expected in the response. Usually one DNS query is required per NSEC3 record in the zone.
  2. Hash breaking: The attacker then carries out a brute-force attack, dictionary attack or Markov chain attack to convert the NSEC3 hash values back into plain-text names. This procedure is similar to password cracking and can be accelerated considerably by using graphics processors.

Applying the above attack method to all top-level domains, 79% of the plain-text names could be recovered within two weeks. The recovery rate is not significantly influenced by the number of hash iterations, but rather by the quality of the dictionary used for the attack.

Norms and standards

  • RFC 5155 DNS Security (DNSSEC) Hashed Authenticated Denial of Existence: specification of NSEC3 and NSEC3PARAM

References

  1. Matthäus Wander, Lorenz Schwittmann, Christopher Boelmann, Torben Weis: GPU-based NSEC3 Hash Breaking. In: 2014 IEEE 13th International Symposium on Network Computing and Applications (NCA). IEEE, 2014, ISBN 978-1-4799-5393-6, doi:10.1109/NCA.2014.27. Talk: slides.
  2. Matthäus Wander: Measurement Survey of Server-Side DNSSEC Adoption. In: 2017 Network Traffic Measurement and Analysis Conference (TMA). IEEE, 2017, ISBN 978-3-901882-95-1, doi:10.23919/TMA.2017.8002913. Talk: slides, video.