Open Mickael-van-der-Beek opened 2 years ago
After thinking about this for a bit, I suppose the correct approach here is to create a whitelist for allowed DNS resolver IPs
@yaakov123 Probably. It's a bit risky though since IP addresses could change after the application has been run.
Usually the custom lookup is used for two reasons:
resolve()
(C-Ares) instead of lookup()
(Host syscall)Safest is a list of allowed IP addresses and next safest would probably be to block the feature altogether. :/
I see. I think the approach of blocking all entrypoints to changing the DNS resolver IP (e.g. dns.setServers
, and lookup, resolve
) and only allowing resolvers known ahead of time.
I found another bypass, this time on the network (HTTP(S)) access control side.
It's possible to specify a custom IP address resolver which will resolve the whitelisted domain name to a malicious, attacker planted, IP address.
e.g: