Short Paper: On Deployment of DNS-Based Security Enhancements
نویسندگان
چکیده
Although the Domain Name System (DNS) was designed as a naming system, its features have made it appealing to repurpose it for the deployment of novel systems. One important class of such systems are security enhancements, and this work sheds light on their deployment. We show the characteristics of these solutions and measure reliability of DNS in these applications. We investigate the compatibility of these solutions with the Tor network, signal necessary changes, and report on surprising drawbacks in Tor’s DNS resolution.
منابع مشابه
Bootstrapping the Adoption of Internet Security Protocols
The deployment of network-wide security enhancements to the Internet has proven more difficult than many had initially anticipated. We leverage existing models of networks’ value to model the problem of bootstrapping the adoption of security technologies. We describe a variety of policy interventions and deployment strategies that can help to catalyze this adoption. Using this framework, we pro...
متن کاملPublic Key Validation for the DNS Security Extensions
The deployment of DNS Security (DNSSEC) can only succeed if there is an effective mechanism for DNS public key validation. This paper compares three potential approaches to DNS key validation. A tree based approach utilizes the existing structure of the DNS tree to form highly structured key signing rules. This makes following chains of trust simple, but it allows no flexibility for individual ...
متن کاملBoost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination
SRV records, DNSSEC, and DANE among others fortify the Domain Name System as the central information hub behind the Internet. Largely hidden from the end user, an increasing number of protocol and trust decisions are contingent on DNS. Neglect or attacks on DNS have much more impact today than ever, now endangering security far beyond denial of service. Opportunistic Persistent DNS (opDNS) addr...
متن کاملGDS Resource Record: Generalization ofthe Delegation Signer Model
Domain Name System Security Extensions (DNSSEC) architecture is based on public-key cryptography. A secure DNS zone has one or more keys to sign its resource records in order to provide two security services: data integrity and authentication. These services allow to protect DNS transactions and permit the detection of attacks on DNS. The DNSSEC validation process is based on the establishment ...
متن کاملMeasuring the Deployment Hiccups of DNSSEC
On May 5, 2010 the last step of the DNSSEC deployment on the 13 root servers was completed. DNSSEC is a set of security extensions on the traditional DNS protocol, that aim in preventing attacks based on the authenticity and integrity of the messages. Although the transition was completed without major faults, it is not clear whether problems of smaller scale occurred. In this paper we try to q...
متن کامل