PolarDNS: New specialized DNS server for penetration testing and vulnerability research

In this session, I would like to present a new open-source tool called PolarDNS, which is a specialized authoritative DNS server primarily designed for penetration testing and 0day vulnerability research.

In the beginning of the session, I will explain the story behind PolarDNS, why it was created and for what purposes. I will explain that it can be used, for instance, as a server-to-server attack tool for discovery of 0day vulnerabilities in recursive DNS resolvers.

I will explain that PolarDNS gives the operator full control over the DNS protocol layer, and that it provides ability to produce custom DNS responses, including non-standard and non-compliant DNS responses, DNS responses violating the RFC specifications, and even heavily malformed DNS responses.

The session will cover the main concepts of the tool and show several usage examples to demonstrate its features. I will share where to find the list of all implemented features and how to combine them effectively to produce variants of different DNS responses.

I will cover in detail how to deploy PolarDNS in a model setup suitable for server-to-server attack scenarios. This involves a designated domain and deployment of the tool on 2 separate nameservers.

Next, I will demonstrate how PolarDNS can be used to find vulnerabilities in DNS resolvers by looking on a few 0day vulnerabilities which were recently discovered using PolarDNS.

Lastly, I will cover the process of adding additional features to PolarDNS, which is essential for getting the most value from the tool.