Enabling DNSSEC in Open Source Applications
نویسندگان
چکیده
The Domain Name System (DNS) [1] [2] has been recently improved by the addition of DNS security extensions (DNSSEC) [3] [4] [5]. These improvements secure DNS against information forgery, modification and other attacks [6]. The DNS infrastructure needs to be upgraded to take advantage of the benefits offered by DNSSEC. Servers will need to serve DNSSEC enabled records and applications will need to look for and process these new security records. This paper discusses the advantages of supporting DNSSEC directly within end-system applications and the intricacies involved in retrofitting existing applications with DNSSEC support. The experiences and benefits achieved when upgrading two open-source packages is described.
منابع مشابه
Measuring the Practical Impact of DNSSEC Deployment
DNSSEC extends DNS with a public-key infrastructure, providing compatible clients with cryptographic assurance for DNS records they obtain, even in the presence of an active network attacker. As with many Internet protocol deployments, administrators deciding whether to deploy DNSSEC for their DNS zones must perform cost/benefit analysis. For some fraction of clients — those that perform DNSSEC...
متن کاملNSEC5: Provably Preventing DNSSEC Zone Enumeration
We use cryptographic techniques to study zone enumeration in DNSSEC. DNSSEC is designed to prevent attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability, zone enumeration, enabling an adversary to use a small number of online DNSSEC queries combined with offline dictionary attacks to learn which dom...
متن کاملSecurity of the DNS Protocol - Implementation and Weaknesses Analyses of DNSSEC
Today, Internet offers many critical applications. So, it becomes very crucial for Internet service providers to ensure traceability of operations and to secure data exchange. Since all these communications are based on the use of the Domain Name System (DNS) protocol, it becomes necessary to think to enhance and secure it by proposing a secure version of this protocol that can correct the whol...
متن کاملSecurity for Future Internet Architecture - Motivation from DNSSEC
DNS has a long history of being the primary target of malicious network attacks. These attacks take advantage of the weakness that the domain name mapping information is not authenticated. This motivates the need of security global infrastructure for future internet architecture. DNSSEC is a secure extension of DNS, and is considered as one of the most important mechanisms for critical informat...
متن کاملAdvanced Technologies Enabling Multi-device Mobile Access to Current and Future (semantically Enriched) Web Applications, Services and Information Portals Thematic Area: 350405 Strategic Action on Open Source Software Deliverable D.7.2.1 Content-services Correlation Algorithms D.7.2.1 Content-services Correlation Algorithms, Page 2 of 18
متن کامل