Technitium DNS Server
cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*
- <= 13.6
A denial-of-service vulnerability has been identified in Technitium DNS Server version 13.5. The issue allows remote attackers to disrupt service by abusing the rate-limiting feature, which is enabled in the default configuration. An attacker who can spoof source IP addresses can cause the server to block legitimate DNS traffic from an entire subnet, disrupting the clients and resolvers in it.
Exploitation leads to a denial-of-service condition in which legitimate DNS clients and resolvers are temporarily blocked from receiving DNS responses. Because the rate limit is tracked per subnet rather than per address, a single attack affects an entire IPv4 /24 or IPv6 /56, depending on the address family targeted.
The issue can be reproduced against a default installation of Technitium DNS Server 13.5, where rate limiting is enabled. DNS over UDP does not validate the source address of a query, so an attacker can send queries whose source IP is forged to addresses inside the target subnet. Once those queries exceed the rate limit, the server blacklists the whole subnet, and genuine clients in it stop receiving responses. The attack does not need to overwhelm the server; it only needs to send spoofed queries, manually or with a script, at a rate above the configured limit for the target subnet.
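To make the mechanism concrete, the following is an illustrative Python model written for this page; it is not Technitium DNS Server code, and the query limit, window length and block duration are assumed values, since the advisory states none. The model keys its limiter on the /24 or /56 subnet of the source address, as the advisory describes, and shows that a burst of queries with source addresses spoofed to lie inside the victim's subnet causes the victim's own query to be refused, while the same burst from a different subnet does not.

```python
import ipaddress
from collections import defaultdict

# Assumed parameters for the model; the advisory states no numbers.
QUERY_LIMIT = 20        # queries allowed per subnet per window
WINDOW_SECONDS = 1.0    # length of the counting window
BLOCK_SECONDS = 10.0    # how long an over-limit subnet stays blacklisted


def subnet_key(ip: str) -> str:
    """Aggregate a source address to its IPv4 /24 or IPv6 /56, the granularity
    at which the advisory says clients are blocked."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 56
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


class SubnetRateLimiter:
    """Fixed-window limiter keyed on the source subnet (model only)."""

    def __init__(self, limit=QUERY_LIMIT, window=WINDOW_SECONDS, block=BLOCK_SECONDS):
        self.limit, self.window, self.block = limit, window, block
        self.counts = defaultdict(int)          # subnet -> queries in current window
        self.window_start = defaultdict(float)  # subnet -> start of current window
        self.blocked_until = {}                 # subnet -> time the blacklist entry expires

    def allow(self, src_ip: str, now: float) -> bool:
        """Return True if a query from src_ip at time `now` would be answered.
        The source address is taken at face value, which is the weakness:
        over UDP nothing proves the packet really came from src_ip."""
        key = subnet_key(src_ip)
        if self.blocked_until.get(key, 0.0) > now:
            return False
        if now - self.window_start[key] >= self.window:
            self.window_start[key] = now
            self.counts[key] = 0
        self.counts[key] += 1
        if self.counts[key] > self.limit:
            # The whole subnet is blacklisted, not just the offending address.
            self.blocked_until[key] = now + self.block
            return False
        return True


def simulate_spoofed_flood(victim_ip: str, spoofed_sources: list[str],
                           now: float = 0.0) -> tuple[bool, bool]:
    """The victim queries once, the attacker then sends queries with spoofed
    source addresses inside one window, and the victim queries again.
    Returns (victim answered before the flood, victim answered after it)."""
    limiter = SubnetRateLimiter()
    before = limiter.allow(victim_ip, now)
    for i, src in enumerate(spoofed_sources):
        limiter.allow(src, now + 0.001 * i)   # all within the same window
    after = limiter.allow(victim_ip, now + 0.5)
    return before, after


if __name__ == "__main__":
    # Constructed addresses from documentation ranges (RFC 5737 / RFC 3849).
    victim = "192.0.2.10"
    in_subnet = [f"192.0.2.{i}" for i in range(100, 130)]     # same /24 as the victim
    elsewhere = [f"198.51.100.{i}" for i in range(100, 130)]  # a different /24
    print("spoofed from victim's /24:", simulate_spoofed_flood(victim, in_subnet))  # (True, False)
    print("spoofed from another /24:", simulate_spoofed_flood(victim, elsewhere))   # (True, True)
    v6_victim = "2001:db8:0:1::10"
    v6_spoofed = [f"2001:db8:0:{i:x}::1" for i in range(2, 32)]  # all inside 2001:db8::/56
    print("IPv6 /56:", simulate_spoofed_flood(v6_victim, v6_spoofed))               # (True, False)
```

The general caveat the model illustrates is that a limiter keyed only on the UDP source address can be driven by anyone able to forge packets, so its block decisions punish whoever shares the key with the forged addresses. DNS response rate limiting implementations commonly mitigate this by occasionally answering an over-limit query with a truncated (TC=1) response instead of dropping it, so a genuine client retries over TCP, where the handshake validates the source address; whether Technitium 14.0 took that approach is not stated in this advisory.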
Users should upgrade to Technitium DNS Server version 14.0 or later, which fixes this issue. Upgrade instructions are provided in the Technitium DNS Server documentation.