Evaluating DNS Vulnerability to Cache Injection

The Domain Name System (DNS) is one of the most fundamental components of the Internet-based applications. DNS cache injection is demonstrably the most prominent and dangerous threat on DNS. In this paper, we explore the vulnerability of cache strategy in DNS resolver and propose a novel approach to evaluate injection vulnerabilities that allows cache injection attacks. The proposed approach is validated and experimented with real DNS resolution platforms such as Google Public DNS, BIND and Unbound, which illustrates our approach effectiveness and can be applied on realistic attack scenario. We then explain the impact of the injection attacks on DNS resolution platforms and their implications for several defense strategies against cache injection attacks.We upload the source code of our work to Github, which can be access from: www.Github.com/DNSBIT/DNS-Cache-Injection.