DNS
...
This document discusses the use of the Domain Name System (DNS) for
storage of E.164 numbers. More specifically, how DNS can be used for
identifying available services connected to one E.164 ...
... 5], called within this document
E.164 numbers, into DNS names and the use of existing DNS services
...
... The domain "e164.arpa" is being populated in order to provide the
infrastructure in DNS for storage of E.164 numbers. In order to
facilitate distributed operations, this domain is divided into
subdomains. Holders of E.164 numbers which want to be listed in DNS
should contact the appropriate zone administrator according to the
...
... this information by examining the SOA resource record associated with
the zone, just like in normal DNS operations.
Of course, as with other domains ...
...
The Order field in the NAPTR record specifies in what order the DNS
records are to be interpreted. This is because DNS does not
guarantee the order of records returned in the answer section of a
DNS packet. In most ENUM cases this isn't an issue because the
typical regular expression ...
... Application is found in [2] which is the document that defines the
NAPTR DNS Resource Record type.
ENUM ...
... ENUM compliant
applications MUST only query DNS for what it believes is an E.164
number. Since there are numerous dialing plans which can change over
...
... number which in reality is not actually valid or dialable. This
implies that applications MAY send DNS queries when, for example, a
user mistypes a number in a user interface. Because of this, there
...
... 2] specifies a DDDS Database that uses the
NAPTR DNS resource record to contain the rewrite rules. The Keys for
this database are encoded as domain ...
... flags field is blank, produces new keys in
the form of domain-names from the DNS.
Some nameserver ...
... nameserver implementations attempt to be intelligent about items
that are inserted into the additional information section of a given
DNS response. For example, BIND will attempt to determine if it is
authoritative for a domain whenever it encodes one into a packet. If
...
... NAPTR records
it is serving and inserts more appropriate information into the
additional information section of the response. Thus, DNS servers
MAY interpret Flag values and use that information to include
appropriate resource records in the Additional Information portion of
the DNS packet. Clients are encouraged to check for additional
information but are not required to do so. See the Additional
...
... information on NAPTR records and the Additional Information section
of a DNS response packet.
The character set ...
... allowed anywhere in an E.164 number. The characters allowed to be in
a Key are those that are currently defined for DNS domain-names.
...
... DNS Security ...
...
As ENUM uses DNS, which in its current form is an insecure protocol,
there is no mechanism for ensuring that the data one gets back is
authentic. As ENUM ...
... target for various kind of attacks, and
attacking the underlying DNS infrastructure is one way of attacking
the ENUM service itself.
...
...
There are multiple types of attacks that can happen against DNS that
ENUM implementations should be aware of. The following threats are
...
... Packet Interception
Some of the simplest threats against DNS are various forms of
packet interception: monkey-in-the-middle attacks ...
... resolver) whatever it wants that party to believe. While packet
interception attacks are far from unique to DNS, DNS's usual
behavior of sending an entire query or response in a single
...
... ID Guessing and Query Prediction
Since the ID field in the DNS header is only a 16-bit field and
the server UDP port associated with DNS is a well-known value,
there are only 2**32 possible combinations of ID and client UDP
port ...
... Name-based Attacks
Name-based attacks use the actual DNS caching behavior as a tool
to insert bad data into a victim's cache, thus potentially
subverting subsequent decisions based on DNS names. Most examples
occur with CNAME, NS ...
... attacks is that response messages allow the attacker to
introduce arbitrary DNS names of the attacker's choosing and
provide further information that the attacker ...
... client machines are only configured
with stub resolvers, and use trusted servers to perform all of
their DNS queries on their behalf. In many cases the trusted
server is furnished by the user's ISP ...
... service of any
kind in any domain of discourse), DNS is vulnerable to denial of
service attacks. DNS servers are also at risk of being used as
denial of service amplifiers, since DNS response packets tend to
be significantly longer than DNS query packets.
Authenticated ...
... trust that the peer is the intended
party as all kind of attacks against DNS can not be protected against
with DNSSEC. A service ...
... ENUM MUST be prepared
to receive DNSSEC and other standardized DNS security responses,
including large responses, EDNS0 signaling ...
...
The caching in DNS can make the propagation time for a change take
the same amount of time as the time to live for the NAPTR records ...
... Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database", RFC 3403, October 2002. ...
