
Google Enables Randomization of Upper- and Lowercase Letters in DNS Queries to Prevent DNS Cache Poisoning at BlogNone.com

The Google Public DNS service has announced a measure against DNS cache poisoning, an attack in which a malicious party impersonates an authoritative server by answering the resolver's query with forged records. If such a forged reply reaches Google's resolver before the legitimate server's response, it is cached and users may be directed to a fake server for a period of time.

The Internet Engineering Task Force (IETF) has tried to address this problem with the DNS Cookies standard (RFC 7883), which adds a unique cookie value that the server must echo in its response, making it hard for an attacker to guess the correct value. Many authoritative servers do not support it, however, so only around 10% of queries are protected this way.

In 2022, Google began experimenting with a measure first proposed in 2008: randomizing the upper- and lowercase spelling of the letters in the query name. Because authoritative servers normally copy the query name, including its letter case, back into their response, the resolver can discard any reply whose case pattern does not match the one it sent, which greatly enlarges the space an attacker must guess. Google has now turned this feature on by default, adding protection for over 90% of queries and reducing the risk of cache poisoning.

Authoritative servers need no changes for this measure to work, but Google nevertheless advises users to explore and enable the newer security features for additional protection.

Source – Google Security Blog

Image showing the DNS query process from Cloudflare.

TLDR: Google Public DNS now randomizes the letter case of query names by default, a measure that significantly reduces the risk of DNS cache poisoning attacks.
