13

As I understand it if someone is able to hack my DNS server and edit my TXT DNS record on a FQDN (fully qualified domain name) they could alter the Monero address that is associated with my OpenAlias and redirect future payments to an address controlled by the attacker.

Is this understanding correct?

Assume that my DNS service is completely separate from the server hosting my Monero daemon and wallet associated with my OpenAlias address. Am I correct that funds received prior to the DNS server hack will remain completely secure?

Are there any other important OpenAlias related security concerns that I should be aware of over and above the normal security precautions associated with running a daemon and receiving Monero payments?

Julio
  • 727
  • 4
  • 13

2 Answers

13

Yes. Anyone who gains control of the TXT records would be able to change the address they reference. To answer your second question, you are correct that this would not affect any Monero received prior to the TXT record change, so your received funds would remain safe. This is why it is best to think of it as an alias to your address and not as the address itself.

One other security consideration with OpenAlias is that DNS lookups can leak information. Each time your computer does a DNS lookup, it is possible that the lookup is leaked and collected by a third party. The OpenAlias website recommends that you use DNSCrypt for lookups (https://dnscrypt.org/), and also suggests that it is ready to work with alternative DNS systems such as namecoin.

From their website (https://openalias.org/#implement):

In order to ensure that lookups do not betray the user's privacy it is best to implement DNSCrypt from OpenDNS, and force resolution via a DNSCrypt-compatible resolver. Dependent on your use-case, you may choose to bake DNSCrypt into your software, or bundle dnscrypt-proxy along with your application.

At some point the Monero simplewallet may be updated to use DNSCrypt lookups, but right now it doesn't seem to. Until then, using OpenAlias would potentially leak information that your IP address intends to interact with that Monero address.

Ryan
  • 1,257
  • 8
  • 13

9

As I understand it if someone is able to hack my DNS server and edit my TXT DNS record on a FQDN (fully qualified domain name) they could alter the Monero address that is associated with my OpenAlias and redirect future payments to an address controlled by the attacker.

Is this understanding correct?

Literally at the top of the OpenAlias site it says: "By leveraging DNSSEC we are able to prevent MITM-style attacks on an alias. As with HTTPS, users are able to choose to operate in a less secure fashion if they are willing to accept the risks."

Additionally, in the application workflow it asks developers to "check if we have a valid DNSSEC trust chain (RRSIG, DNSKEY, NSEC3), if not then alert the user that it is potentially untrusted, continue if the user agrees".

The way DNSSEC works, you start with the root key (i.e. for .) and then follow the DNSSEC verification process all the way down. So for fluffypony.gets.paid.co.za you'd validate ., then .za, then .co.za, then paid.co.za, and so on. DNSSEC also prevents a resolver from lying and saying "this record doesn't exist", when it does.

If a Monero client / resolver doesn't implement DNSSEC that's their own fault, and they take user security for granted.

As to other risks, I'm happy with the answer that Ryan gave regarding ISP metadata leakage.

fluffyponyza
  • 5,089
  • 21
  • 35
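The two DNSSEC points in this answer, the "check if we have a valid trust chain, otherwise alert the user" step from the OpenAlias workflow and the root-down walk over ., za., co.za., paid.co.za. and so on, can be shown in working code. The following is an added example written for this page; it is not code from OpenAlias, Monero or any answer here. It is a toy model: an Ed25519 key stands in for each zone's DNSKEY, a SHA-256 digest of the child's name and key stands in for the parent's DS record, and every record carries a signature that plays the RRSIG. The zone tree, the owner name and the oa1:xmr TXT record (with a placeholder instead of a real address) are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// signedRecord stands in for an RRset plus its RRSIG over (owner, type, rdata).
type signedRecord struct {
	owner, rtype, rdata string
	sig                 []byte
}

// Zone is a toy DNSSEC-signed zone; one Ed25519 key plays the DNSKEY.
type Zone struct {
	priv    ed25519.PrivateKey
	pub     ed25519.PublicKey
	records map[string]*signedRecord // keyed by owner + "/" + type
}

func NewZone() *Zone {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // toy code: the rand error is ignored
	return &Zone{priv: priv, pub: pub, records: map[string]*signedRecord{}}
}

// Publish stores a record with its signature under the zone key (the RRSIG).
func (z *Zone) Publish(owner, rtype, rdata string) {
	sig := ed25519.Sign(z.priv, []byte(owner+"\x00"+rtype+"\x00"+rdata))
	z.records[owner+"/"+rtype] = &signedRecord{owner: owner, rtype: rtype, rdata: rdata, sig: sig}
}

// dsDigest mirrors a DS record: a digest of the child's name and DNSKEY, published and signed by the parent.
func dsDigest(child string, key ed25519.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(append([]byte(child), key...)))
}

func verify(key ed25519.PublicKey, r *signedRecord) bool {
	return r != nil && ed25519.Verify(key, []byte(r.owner+"\x00"+r.rtype+"\x00"+r.rdata), r.sig)
}

// ValidateTXT walks from the root trust anchor down (., za., co.za., ...): at each zone cut it verifies
// the DS under the parent's key and checks it against the child's DNSKEY, then verifies the leaf TXT
// under the last zone key. Any broken link is returned as an error: the "alert the user" branch.
func ValidateTXT(zones map[string]*Zone, rootAnchor ed25519.PublicKey, fqdn string) (string, error) {
	fqdn = strings.TrimSuffix(fqdn, ".") + "."
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	current, trusted := zones["."], rootAnchor
	for i := len(labels) - 1; i >= 0; i-- {
		name := strings.Join(labels[i:], ".") + "." // za., then co.za., then paid.co.za., and so on
		child, ok := zones[name]
		if !ok {
			continue // not a zone cut: the name lives inside the current zone
		}
		ds := current.records[name+"/DS"]
		if !verify(trusted, ds) {
			return "", fmt.Errorf("DS for %s: missing or not validly signed by the parent", name)
		}
		if ds.rdata != dsDigest(name, child.pub) {
			return "", fmt.Errorf("DNSKEY of %s does not match the DS published by the parent", name)
		}
		current, trusted = child, child.pub
	}
	if txt := current.records[fqdn+"/TXT"]; verify(trusted, txt) {
		return txt.rdata, nil
	}
	return "", fmt.Errorf("TXT for %s: missing or not validly signed by its zone", fqdn)
}

// Constructed OpenAlias-style record for the example; the address is a placeholder, not a real one.
const ExampleOwner, ExampleTXT = "fluffypony.gets.paid.co.za.", "oa1:xmr recipient_address=PLACEHOLDER_XMR_ADDRESS; recipient_name=fluffypony;"

// BuildExampleZones constructs . -> za. -> co.za. -> paid.co.za. -> gets.paid.co.za., publishes the
// TXT in the last zone and returns the zones together with the root key as the trust anchor.
func BuildExampleZones() (map[string]*Zone, ed25519.PublicKey) {
	root := NewZone()
	zones, parent := map[string]*Zone{".": root}, root
	for _, n := range []string{"za.", "co.za.", "paid.co.za.", "gets.paid.co.za."} {
		z := NewZone()
		parent.Publish(n, "DS", dsDigest(n, z.pub)) // the delegation, signed by the parent
		zones[n], parent = z, z
	}
	parent.Publish(ExampleOwner, "TXT", ExampleTXT)
	return zones, root.pub
}

func main() {
	zones, anchor := BuildExampleZones()
	fmt.Println(ValidateTXT(zones, anchor, ExampleOwner)) // intact chain: the record and <nil>
	zones["gets.paid.co.za."].records[ExampleOwner+"/TXT"].rdata += " edited" // changed without the key
	fmt.Println(ValidateTXT(zones, anchor, ExampleOwner)) // "" and a TXT signature error
	zones["gets.paid.co.za."] = NewZone() // zone re-signed under a foreign key, as a forged reply would carry
	zones["gets.paid.co.za."].Publish(ExampleOwner, "TXT", ExampleTXT)
	fmt.Println(ValidateTXT(zones, anchor, ExampleOwner)) // "" and a DNSKEY/DS mismatch error
}
```

The three runs in main make the boundary of the guarantee visible. A record rewritten without the zone's signing key fails at the RRSIG, and a zone re-signed under a different key fails one level up, at the parent's DS, because the walk never accepts a key that the parent did not vouch for. What the model also shows is what validation does not cover: a client that skips this walk sees all three cases as valid, and an attacker who holds the zone's private key as well as the zone file can re-sign after editing, so keeping the signing key off the server that hosts the zone data matters. Nothing here addresses the lookup leak from the first answer; DNSSEC authenticates answers, it does not hide queries.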