The Domain Name System (DNS) is a system that maps domain names that are easy for humans to understand, like "gigazine.net", to IP addresses that computers can process, like "192.168.0.1". A DNS server returns the IP address corresponding to the domain name entered. Researchers at the cloud security company Wiz found a flaw in DNS services, like those from Google and Amazon, that host DNS servers, and announced it on August 4, 2021, at the security conference Black Hat USA 2021. Due to this flaw, important information about many companies and government agencies was exposed.
Black Hat 2021: DNS loophole makes nationwide spying as easy as registering a domain | Wiz Blog
Amazon and Google Fix Major Bug in Their DNS-as-a-Service Platforms: The Record by Recorded Future
DNS services such as Amazon's Amazon Route 53 and Google's Cloud DNS reduce the burden of managing DNS servers and software on your own, and also provide benefits like increased redundancy and reliability. Companies that use DNS services often register their internal domain name with a DNS server when signing up. Once this is done, corporate employees query the hosted DNS server for the IP address when visiting internal pages.
Users of the DNS service can register any domain name, but Wiz researchers have found that some DNS services allow you to specify the “domain name of the provided DNS server itself.” In fact, when the researchers specified the domain name of a large number of DNS servers owned by Amazon Route 53, they were able to partially hijack the DNS server and receive a large amount of DNS traffic.
The DNS traffic the researchers received consisted of dynamic DNS updates, which Windows machines send to automatically keep DNS records up to date when their IP address changes. This feature is reportedly used mainly in large networks that host internal services and have their own internal servers, and the traffic received this time also reportedly included important corporate information …
The researchers said that during the 14-hour trial period they obtained information from a total of more than 15,000 institutions and companies, including 45 US government agencies, 85 international organizations, and large companies included in the Fortune 500. This information included IP addresses, computer names, employee names, and office locations. For example, the researchers mapped the locations of the offices and employees of a large company whose DNS traffic they intercepted. In this way, in addition to being able to investigate in detail the scope of corporate activities …
In countries like Iran and Myanmar, which are subject to sanctions by the US Treasury’s Office of Foreign Assets Control (OFAC), it was possible to identify companies that appear to be doing business illegally. Intelligence agencies may also be able to use this data to look at connections between companies and government agencies to identify companies that act as government contractors.
The researchers are aware of this issue in three DNS services, including Amazon Route 53 and Google's Cloud DNS. Amazon and Google have already updated their services to address it, and the remaining DNS service is also being patched. Furthermore, the researchers believe that up to 12 DNS services may be vulnerable to similar attacks.
Regarding this issue, the researchers note that the problem lies not only with the DNS services but also with Microsoft's default option, which allows dynamic DNS updates to pass through the local network and reach the Internet. When contacted by the foreign media outlet The Record about the matter, a spokeswoman said it recommended that companies follow the guidance below.
How to configure dynamic DNS updates on Windows server – Windows Server | Microsoft Docs
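
As an added example (not from the article or the researchers), the following Python flags DNS dynamic update requests (opcode 5, RFC 2136) whose destination lies outside the internal address ranges, which is the traffic the article describes leaving the local network. The internal ranges, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # dynamic update opcode, RFC 2136
# Assumption: the site's internal resolver ranges; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_update(msg: bytes):
    """Return the zone name if msg is a DNS UPDATE request, else None."""
    if len(msg) < 12:
        return None
    _id, flags, zocount = struct.unpack("!HHH", msg[:6])
    if (flags >> 15) or ((flags >> 11) & 0xF) != OPCODE_UPDATE or zocount != 1:
        return None  # a response, another opcode, or a malformed zone section
    labels, pos = [], 12
    while pos < len(msg):
        length = msg[pos]
        if length == 0:
            return ".".join(labels) or "."
        if length > 63 or pos + 1 + length > len(msg):
            return None  # compression pointer or truncated label
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None

def leaked_updates(packets):
    """Return (src, dst, zone) for UPDATE requests sent outside INTERNAL_NETS."""
    hits = []
    for src, dst, payload in packets:
        zone = parse_update(payload)
        if zone is not None and not any(ipaddress.ip_address(dst) in net for net in INTERNAL_NETS):
            hits.append((src, dst, zone))
    return hits

def build_message(opcode: int, name: str, rrtype: int) -> bytes:
    """Build a minimal constructed DNS request for the sample data below."""
    header = struct.pack("!HHHHHH", 0x1234, opcode << 11, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", rrtype, 1)  # class IN

# Constructed sample: (source IP, destination IP, UDP payload)
SAMPLE = [
    ("10.1.2.3", "10.0.0.53", build_message(5, "corp.example", 6)),        # update to internal DNS
    ("10.1.2.3", "203.0.113.53", build_message(5, "corp.example", 6)),     # update leaving the network
    ("10.1.2.3", "203.0.113.53", build_message(0, "www.example.com", 1)),  # ordinary query
]

if __name__ == "__main__":
    print(leaked_updates(SAMPLE))
```

In practice the `(src, dst, payload)` tuples would come from a capture of UDP port 53 traffic at the network edge.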