N Korea accidentally leaks DNS for its propaganda websites

21 September 2016

An accidental leak of all North Korea's propaganda websites, has provided global internet users with some penetrating  insights into the secretive nation's internet infrastructure.

The websites were leaked on Tuesday, which led to the discovery that North Korea had just 28 sites registered on its .kp domain.

GitHub explained earlier this week, "one of North Korea's top level name servers was accidentally configured to allow global [Domain Name System] transfers. This allows anyone who performs [a zone transfer request] to the country's ns2.kptc.kp name server to get a copy of the nation's top level DNS data."

Two of the websites are Cooks.org.kp, which is a recipe site, and kcna.kp, the site for the country's news agency. The purpose of  friend.com.kp, is not clear, though it is suspected to be a form of social network. There are many sites, which no one had been able to access.

According to experts, despite the limited content, North Korea's servers were not the most stable. In late 2014, the country's entire internet went offline following what was speculated to be a distributed denial-of-service (DDoS) attack.

North Korea had adopted the country-code norm of using second-level domains, such as the "co" in "co.uk'' but it also had not just "co" but also "com", "net"  and "org". It had the US-style "gov" and "edu" second-level domains, and the one somewhat original extension was "rep.kp", which seemed to be dedicated to North Korea's technical department.

According to experts, the leak resulted from an accidental misconfiguration of North Korea's name server, which stores information of all the domains existing under .kp. Researchers at the TL; DR project uncovered the accidental misconfiguration. The reasearchers then performed an AXFR (zone transfer) request, which allowed them access to North Korea's top-level DNS data.

 search domain-b