TKEY Vulnerability in BIND DNS Server

Author

Michael Engels, St. Cloud State UniversityFollow

Date of Award

12-2015

Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.

Department

Information Assurance and Information Systems

College

Herberger School of Business

First Advisor

Dennis Guster

Second Advisor

Jim Chen

Third Advisor

Mark Schmidt

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Abstract

The Domain Naming System (DNS) has been a core technology to the usefulness of the Internet since the beginning of its public introduction. The ability to associate an English-readable fully qualified domain name (FQDN) with an IPv4 address is crucial to its user-friendliness. Due to its age, several flaws have been discovered in its code, one of the more recent being referenced as CVE-2015-5477, which affects all versions of Berkeley Internet Naming Daemon (BIND) available before July 31, 2015. We will cover what this error is, describe and test its effectiveness against an older BIND v. 9.9.6 server, and discuss options for resolving the issue.

Comments/Acknowledgements

I would like to acknowledge the contributions of my advisor Dr. Guster, as well as the time spent and things learned in classes I attended with Drs. Chen and Schmidt. Without their assistance this project would not have come to completion.

I also wish to thank my wife and family for their time and their support in getting this project completed. Your sacrifices have meant the world to me.

Recommended Citation

Engels, Michael, "TKEY Vulnerability in BIND DNS Server" (2015). Culminating Projects in Information Assurance. 2.
https://repository.stcloudstate.edu/msia_etds/2