Reachability Analysis of the Domain Name System

TL;DR

This paper provides the first decision procedure for the DNS verification problem, establishing its complexity as 2ExpTime, which was previously unknown.

Abstract

The high complexity of DNS poses unique challenges for ensuring its security and reliability. Despite continuous advances in DNS testing, monitoring, and verification, protocol-level defects still give rise to numerous bugs and attacks. In this paper, we provide the first decision procedure for the DNS verification problem, establishing its complexity as $\mathsf{2ExpTime}$, which was previously unknown. We begin by formalizing the semantics of DNS as a system of recursive communicating processes extended with timers and an infinite message alphabet. We provide an algebraic abstraction of the alphabet with finitely many equivalence classes, using the subclass of semigroups that recognize positive prefix-testable languages. We then introduce a novel generalization of bisimulation for labelled transition systems, weaker than strong bisimulation, to show that our abstraction is sound and complete. Finally, using this abstraction, we reduce the DNS verification problem to the verification problem for pushdown systems. To show the expressiveness of our framework, we model two of the most prominent attack vectors on DNS, namely amplification attacks and rewrite blackholing.

Figures (15)

• Figure 1: A small portion of the DNS namespace. Dashed lines mark the zone cuts.
• Figure 2: Name resolution for the type a query www.sigplan.org, with an empty cache at the DNS resolver.
• Figure 3: Some DNS notation.
• Figure 4: A pointed topology. The red process is the only tPDS in the network.
• Figure 5: Some auxiliary operations.

Theorems & Definitions (32)

• definition 1
• lemma 1
• definition 2
• definition 3
• definition 4
• lemma 2
• Remark 1
• lemma 3
• proof : Proof Sketch.
• definition 5: Syntactic Congruence