TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records

Olivier van Der Toorn, Roland Van Rijswijk-Deij, Tobias Fiebig, Martina Lindorfer, Anna Sperotto

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

Abstract

The DNS TXT resource record is the one with the most flexibility for its contents, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications. We are able to classify over 99.54% of all TXT records in our dataset, finding security issues including accidentally published private keys and exploit delivery attempts. We also report on our lessons learned during our large-scale, systematic analysis of TXT records.

Original languageEnglish
Title of host publicationProceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages544-549
Number of pages6
ISBN (Electronic)9781728185972
DOIs
Publication statusPublished - 2020
Event5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 - Virtual, Genoa, Italy
Duration: 7 Sep 202011 Sep 2020

Publication series

NameProceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020

Conference

Conference5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
CountryItaly
CityVirtual, Genoa
Period7/09/2011/09/20

Keywords

  • Classification
  • DNS
  • Measurement
  • Security

Fingerprint

Dive into the research topics of 'TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records'. Together they form a unique fingerprint.

Cite this