*Result*: BGF-DR: bidirectional greybox fuzzing for DNS resolver vulnerability discovery.
*Further Information*
*The Domain Name System (DNS) represents a vital infrastructure component of the Internet, within which DNS resolvers constitute the core element of this system. Specifically, DNS resolvers mediate between DNS clients and DNS nameservers as the cache. However, existing tools face significant limitations in effectively identifying resolver vulnerabilities, presenting three primary challenges. First, DNS resolver implementations are complex and stateful, resulting in a huge input space. Second, DNS resolver vulnerabilities typically manifest as semantic bugs leading to erroneous responses, making them difficult to detect through conventional oracle-based validation. Finally, most DNS resolver vulnerabilities only become apparent under bidirectional information sequences. This paper presents BGF-DR, a bidirectional greybox fuzzing system that addresses the aforementioned challenges to achieve efficient vulnerability discovery for DNS resolvers. First, BGF-DR leverages both branch coverage and state coverage information to explore the DNS resolver input space more rapidly and comprehensively. Second, BGF-DR employs differential testing and heuristic rules to identify test cases that trigger vulnerabilities. Finally, BGF-DR performs mutation-based case generation on both client-query and nameserver-response to enhance the efficiency of vulnerability discovery. We evaluated BGF-DR on 4 DNS resolvers and identified 6 vulnerabilities that could lead to cache poisoning, resource consumption, and crash attacks. [ABSTRACT FROM AUTHOR]
Copyright of Computers & Security is the property of Pergamon Press - An Imprint of Elsevier Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)*