DNS Recursive Vulnerability

Servers that support DNS recursion are vulnerable to fake requests from spoofed IP addresses (DNS amplification) and to other serious security issues such as DNS poisoning attacks. In the worst case, the vulnerable server may even end up on a blacklist.

This post applies only to publicly facing DNS infrastructure. The internal DNS servers inside your organization are meant to perform recursive queries.

Here are the steps to identify whether a DNS server allows recursion:

Use nmap to determine whether DNS port UDP/53 is open on your firewall.

nmap -sU -p 53 -Pn <IP>

Use the nmap dns-recursion script to identify whether the server responds to recursive queries.

Use nslookup to confirm whether the server actually answers queries for external domains for which it is not authoritative.
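The check that the nmap script and the nslookup step perform above, as an added Python example that is not part of the original post: it sends a query with the RD (recursion desired) flag set and inspects the RA flag, RCODE and answer count in the response header. The server address and probe domain are assumed to be supplied by the user.

```python
import socket
import struct

RD_FLAG = 0x0100  # recursion desired (set by the client)
RA_FLAG = 0x0080  # recursion available (set by the server)
TXID = 0x1234     # fixed transaction id, fine for a one-off probe


def build_query(qname: str, txid: int = TXID) -> bytes:
    """Build a minimal A/IN query with RD=1 (what a resolver client sends)."""
    header = struct.pack("!HHHHHH", txid, RD_FLAG, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + question + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_response(resp: bytes, txid: int = TXID) -> dict:
    """Parse the 12-byte header and decide whether recursion was offered.

    An open recursive resolver answers a non-authoritative name with RA=1,
    RCODE=0 (NOERROR) and at least one answer record. A properly restricted
    server typically replies with RA=0 and RCODE=5 (REFUSED) and no answers.
    """
    if len(resp) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch, ignoring response")
    ra = bool(flags & RA_FLAG)
    rcode = flags & 0x000F
    return {
        "ra": ra,
        "rcode": rcode,
        "answers": an,
        "open_recursion": ra and rcode == 0 and an > 0,
    }


def probe(server: str, qname: str = "example.com", timeout: float = 3.0) -> dict:
    """Send the query over UDP/53 and classify the reply (needs network access)."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        resp, _addr = sock.recvfrom(4096)
    return classify_response(resp)
```

A result with open_recursion set to True on an Internet-facing server means the recursion restriction described in this post is missing; REFUSED with RA unset is the expected outcome for a correctly configured authoritative-only server.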

