07 May

prevent dns enumeration on bind dns server

what the hell is dns enumeration? well, according to this pdf book, DNS enumeration is

… the process of locating all the DNS servers and their corresponding records for an organization. A company may have both internal and external DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems.

so, this is just a little trick on how to prevent dns enumeration on a bind dns server. some dns enumeration tools will try a zone transfer against your dns server, and when it is misconfigured it will leak all the dns info to the attacker, like this:

sample of dns enumeration result


Q: so, what’s the actual danger of this kind of leakage?

A: The information can disclose the network infrastructure of the company without alerting the IDS/IPS. This is due to the fact that most organizations are not monitoring their DNS server traffic, and those that do only monitor zone transfer attempts.

and the trick is simple: most of the enumeration tools try a dns zone transfer, so instead of allowing it for the whole of the server’s uptime, just turn it off until you actually need it.

put this line in your named.conf

and restart the service.
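as an added illustration (not the post’s own configuration), here is one way to lay out named.conf so that zone transfers are denied by default and only an authenticated secondary may pull a zone. the zone name, file paths, key name, secret and secondary address are placeholders:

```conf
// Hypothetical TSIG key shared with the secondary; generate a real one
// with tsig-keygen and keep the secret out of world-readable files.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET";
};

options {
    directory "/var/named";
    // Weak setting this post warns about: anyone can pull every zone
    // allow-transfer { any; };
    // Hardened default: refuse AXFR/IXFR for every zone served here
    allow-transfer { none; };
    // An authoritative-only server has no reason to recurse
    recursion no;
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
    // Override the global deny only for the secondary, and only when
    // the request is signed with the shared key.
    allow-transfer { key "xfer-key"; };
    also-notify { 192.0.2.53; };
};
```

after editing, restart named as the post says (or `rndc reload`), then confirm from an outside host that an unsigned transfer request is refused while the secondary still synchronises.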

disclaimer: this tip doesn’t guarantee your server will be 100% immune to enumeration. the incident was reported and has already been fixed by the sysadmin on 18 april 2016.
