/plushcap/analysis/cloudflare/sad-dns-explained

SAD DNS Explained

What's this blog post about?

Researchers from UC Riverside and Tsinghua University have announced a new attack against the Domain Name System (DNS) called SAD DNS (Side channel AttackeD DNS). This attack leverages recent features of the networking stack in modern operating systems to allow attackers to revive a classic attack category: DNS cache poisoning. The researchers contacted Cloudflare and other major DNS providers, and 1.1.1.1 Public Resolver is no longer vulnerable to this attack. This post explains what the vulnerability was, how it relates to previous attacks of this sort, what mitigation measures have been taken to protect users, and future directions the industry should consider to prevent this class of attacks from being a problem in the future.

Company
Cloudflare

Date published
Nov. 13, 2020

Author(s)
Marek VavruĊĦa, Nick Sullivan

Word count
3096

Language
English

Hacker News points
92


By Matt Makai. 2021-2024.