Challenges and Opportunities In Deploying DNSSEC: A progress report on an investigation into DNSSEC deployment
Abstract
In the process of building a web portal[1] focused on providing real-world deployment information about DNS Security Extensions (DNSSEC), Internet Society staff identified a number of areas where DNSSEC deployment can be simplified for domain name holders, domain name infrastructure operators and domain name consumers (i.e. users of DNSSEC-signed domains). Some areas were predictably around the need for more education of consumers, businesses, developers and network operators about DNSSEC. Other areas, though, had more to do with the process of signing domains and with bootstrapping the overall process of using DNSSEC. This paper outlines the challenges identified so far and offers suggestions on how to overcome those challenges.
Similar resources
Is the Internet Ready for DNSSEC: Evaluating Pitfalls in the Naming Infrastructure
We study the challenges of deploying DNSSEC on Domain Name System (DNS) name servers. DNSSEC, a defence mechanism for DNS, was designed to provide cryptographic assurance for DNS records against cache poisoning attacks. Although standardised more than 15 years ago, DNSSEC is still not widely deployed. Multiple efforts are focused on identifying deployment obstacles and it is generally believed ...
Towards Adoption of DNSSEC: Availability and Security Challenges
DNSSEC deployment is long overdue; however, it seems to be finally taking off. Recent cache poisoning attacks motivate protecting DNS, with strong cryptography, rather than with challenge-response ‘defenses’. Our goal is to motivate and help correct DNSSEC deployment. We discuss the state of DNSSEC deployment, obstacles to adoption and potential ways to increase adoption. We then present a comp...
Measuring the Practical Impact of DNSSEC Deployment
DNSSEC extends DNS with a public-key infrastructure, providing compatible clients with cryptographic assurance for DNS records they obtain, even in the presence of an active network attacker. As with many Internet protocol deployments, administrators deciding whether to deploy DNSSEC for their DNS zones must perform cost/benefit analysis. For some fraction of clients — those that perform DNSSEC...
The Design of Metrics for Quantifying the DNSSEC Deployment
This paper examines the deployment of the DNS Security Extensions (DNSSEC), which adds cryptographic protection to DNS, one of the core components in the Internet infrastructure. We analyze the data collected from the initial DNSSEC deployment which started in 2005, and identify three critical metrics to gauge the deployment: availability, verifiability, and validity. Our results provide the fi...
A Longitudinal, End-to-End View of the DNSSEC Ecosystem
The Domain Name System’s Security Extensions (DNSSEC) allow clients and resolvers to verify that DNS responses have not been forged or modified inflight. DNSSEC uses a public key infrastructure (PKI) to achieve this integrity, without which users can be subject to a wide range of attacks. However, DNSSEC can operate only if each of the principals in its PKI properly performs its management task...