The Repository @ St. Cloud State

Open Access Knowledge and Scholarship

Culminating Project Title

TKEY Vulnerability in BIND DNS Server

Date of Award


Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.


Information Assurance and Information Systems


Herberger School of Business

First Advisor

Dennis Guster

Second Advisor

Jim Chen

Third Advisor

Mark Schmidt

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.


The Domain Naming System (DNS) has been a core technology to the usefulness of the Internet since the beginning of its public introduction. The ability to associate an English-readable fully qualified domain name (FQDN) with an IPv4 address is crucial to its user-friendliness. Due to its age, several flaws have been discovered in its code, one of the more recent being referenced as CVE-2015-5477, which affects all versions of Berkeley Internet Naming Daemon (BIND) available before July 31, 2015. We will cover what this error is, describe and test its effectiveness against an older BIND v. 9.9.6 server, and discuss options for resolving the issue.


I would like to acknowledge the contributions of my advisor Dr. Guster, as well as the time spent and things learned in classes I attended with Drs. Chen and Schmidt. Without their assistance this project would not have come to completion.

I also wish to thank my wife and family for their time and their support in getting this project completed. Your sacrifices have meant the world to me.