2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) 2020
DOI: 10.1109/eurospw51379.2020.00080
|View full text |Cite
|
Sign up to set email alerts
|

TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records

Abstract: The DNS TXT resource record is the one with the most flexibility for its contents, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications. We are able to class… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
8
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
6
1

Relationship

1
6

Authors

Journals

citations
Cited by 8 publications
(8 citation statements)
references
References 13 publications
0
8
0
Order By: Relevance
“…It can be seen as the Internet's phonebook as it allows, among others, domain names to be resolved to IP addresses. Domain name operators can publish various types of resource records (RR) in the DNS zone of their domain, for example A records (IP addresses), MX records (mail exchanger for inbound e-mail), and TXT records, which are 'freetext' of variable length and are used for a variety of purposes [7]. Records are held by the name server that is authoritative for a given domain name.…”
Section: A Dnsmentioning
confidence: 99%
See 2 more Smart Citations
“…It can be seen as the Internet's phonebook as it allows, among others, domain names to be resolved to IP addresses. Domain name operators can publish various types of resource records (RR) in the DNS zone of their domain, for example A records (IP addresses), MX records (mail exchanger for inbound e-mail), and TXT records, which are 'freetext' of variable length and are used for a variety of purposes [7]. Records are held by the name server that is authoritative for a given domain name.…”
Section: A Dnsmentioning
confidence: 99%
“…We selected the domains from the re-ranked top 100 for this case-study as their reduction, when moving to TXT queries, was only 32%. In the past, by matching each TXT record against a regular expression, we were able to categorize roughly 99% of all TXT records in OpenINTEL [7]. This technique quickly shows what kind of records are present for a given population.…”
Section: Categorization Of Txt Recordsmentioning
confidence: 99%
See 1 more Smart Citation
“…There is also an experimental RFC 1464 dated back to 1993 that suggests to define the format of TXT RDATA fields as the ''attribute name followed by the value of the attribute''. However, despite this experimental RFC the TXT records are in practice used in arbitrary defined format and TXT RRs usage increased over the last years [37]. Some of the most common production TXT RR usecases are:…”
Section: Embedding Free-form Information Into Dns Recordsmentioning
confidence: 99%
“…• O. van der Toorn, R. van Rijswijk-Deij, T. Fiebig, M. Lindorfer, and A. Sperotto. "TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records", in the Workshop on Traffic Measurements for Cybersecurity (WTMC), co-located with IEEE European Symposium on Security and Privacy Workshops (EuroSP), 2020 [61].…”
Section: Introductionmentioning
confidence: 99%