Research On DNS Software Defect Detection Method With Fuzzing

The Domain Name System(DNS)is one of the core infrastructures of the internet,which is primarily responsible for mapping human-readable domain names to computer-readable IP addresses,thus making internet communication more convenient and efficient.However,if DNS software contains defects that are discovered and exploited by attackers,it can pose a significant network security risk.Therefore,detecting DNS software defects and ensuring DNS security is of great significance.In order to detect software defects effectively,researchers have proposed the fuzzing method,which simulates the attack process by automatically generating a large number of incorrectly formatted inputs and monitors the running status of the program under test to find software problems.Studies have shown that applying existing fuzzing research directly to DNS software still faces issues such as low test case availability,incomplete DNS software feature coverage,and the inability to detect semantic defects.To this end,this thesis proposes a DNS software defect detection method based on fuzzing.Specifically,firstly,in order to improve the usability of test cases,the method splits and mutates the DNS message,then generates test cases based on the semantic structure,and finally repairs the generated test cases according to the DNS protocol format specification.Secondly,in order to completely cover the DNS software functions and simplify the state machine construction process,this method proposes a DNS software bi-directional testing method.This method conducts fuzzing from both ends of the client and domain name server and designs a fuzzing strategy for repeatedly sending the same message for the cache mechanism of DNS software.Finally,in order to be able to detect semantic defects of DNS software and reduce the cost of manual analysis,this method performs differential analysis on multiple software on the client side and the domain name server side to obtain suspicious use cases with inconsistent behavior and then performs automatic deduplication processing based on the different location characteristics of the test cases before and after mutation.In order to apply the above research results to practical scenarios,this thesis designs and implements AFLDNS,a DNS software defect detection tool.In order to prove its effectiveness,this thesis uses this tool and 6 mainstream protocol fuzzing tools in the industry to conduct a comparative verification test on 6 open source DNS softwares and finds that the AFLDNS tool performs better in terms of code and state coverage capabilities,defect detection capabilities,and has successfully discovered 16 DNS software defects,7 of which have been confirmed and fixed by the manufacturer.The experimental results show that the AFLDNS tool has good fuzzing and defect detection capabilities,and can effectively improve the security of DNS software.