Does Your DNS Recursion Really Time Out as Intended? A Timeout Vulnerability of DNS Recursive Servers

Abstract: Parallelization is featured by DNS recursive servers to do time-consuming recursions on behalf on clients. As common DNS configurations, recursive servers should allow a reasonable timeout for each recursion which may take as long as several seconds. However, it is proposed in this paper that recursion parallelization may be exploited by attackers to compromise the recursion timeout mechanism for the purpose of DoS or DDoS attacks. Attackers can have recursive servers drop early existing recursions in service … Show more