Conference:  Black Hat Asia 2023
Authors: Xiang Li
2023-05-12

Phoenix Domain is a general and novel attack that allows adversaries to keep a revoked malicious domain continuously resolvable at scale, which revives an old, mitigated attack, Ghost Domain. Phoenix Domain has two variations and affects all mainstream DNS software and public DNS resolvers, because it does not violate any DNS specifications or best security practices. The attack is made possible through systematically "reverse engineering" the cache operations of 8 DNS implementations, and new attack surfaces are revealed in the domain name delegation processes. We selected 41 well-known public DNS resolvers and proved that all surveyed DNS services are vulnerable to Phoenix Domain, including Google Public DNS and Cloudflare DNS. Extensive measurement studies were performed with 210k stable and distributed DNS recursive resolvers, and results show that even one month after domain name revocation and cache expiration, more than 25% of recursive resolvers can still resolve it. The proposed attack provides an opportunity for adversaries to evade the security practice of malicious domain take-down. We have reported the discovered vulnerabilities to all affected vendors and suggested 6 types of mitigation approaches to them. Currently, 7 DNS software providers and 15 resolver vendors, including BIND, Unbound, Google, and Cloudflare, have confirmed the vulnerabilities, and some of them are implementing and publishing mitigation patches according to our suggestions. In addition, 9 CVE numbers have been assigned. The study calls for standardization to address the issue of how to revoke domain names securely and maintain cache consistency.
Authors: Yong Tang
2023-04-21

tldr - powered by Generative AI

The presentation discusses the relevance of DNS in Kubernetes clusters and the ways to contribute to the coding community.
  • DNS is still relevant in Kubernetes clusters even with software-defined networking
  • Contributing to the coding community can be done through GitHub, by adding your company's name as an adopter of the project, and by becoming a maintainer
  • SDN allows for more flexibility in assigning IP addresses in a cluster
Authors: Thomas Graf
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of monitoring infrastructure using the Golden Signal Dashboard and Kubernetes Service Implementation.
  • The Golden Signal Dashboard is a standard way of monitoring infrastructure for publicly available services.
  • The four golden signals that matter are latency, traffic or throughput, errors, and saturation.
  • Kubernetes Service Implementation allows for multiple pod replicas to be exposed via a single IP and DNS name.
  • Network policies can cause problems that are hard to detect without proper observability tools.
  • Hubble UI and Hubble Observe CLI are useful tools for troubleshooting network issues.
Authors: Laurent Bernaille, Elijah Andrews
2022-05-20

tldr - powered by Generative AI

The presentation discusses a complex incident faced by Datadog in their Kubernetes environment, where they initially suspected DNS issues during rolling updates. However, after extensive debugging, they discovered that the issue was related to the connection tracking table used by the hypervisor in AWS instances.
  • Datadog faced a complex incident in their Kubernetes environment
  • Initially suspected DNS issues during rolling updates
  • Extensive debugging revealed the issue was related to the connection tracking table used by the hypervisor in AWS instances
  • Tried different instance types and sizes to address the issue
  • Contacted AWS for more information on connection tracking limits
Authors: Miek Gieben, Yong Tang, John Belamaric
2021-10-13

Best known for its ability to serve as the cluster DNS of Kubernetes, CoreDNS is a flexible and extensible DNS server with a focus on service discovery. The flexibility and extensibility of CoreDNS come from its unique plugin-based architecture and its easy-to-use Corefile configuration. In this session, we will take a close look at the CoreDNS extension points for developers. We will learn how to build custom DNS applications based on CoreDNS, including: building a custom CoreDNS binary that includes external plugins; building a specialized binary that uses CoreDNS as a library; and building your own CoreDNS plugin. We will also give an update on the current state and the road map of CoreDNS for the near future.