DNS and BIND Security Issues
نویسنده
چکیده
Efforts are underway to add security to the DNS protocol. We have observed that if BIND would just do what the DNS specifications say it should do, stop crashing, and start checking its inputs, then most of the existing security holes in DNS as practiced would go away. To be sure, attackers would still have a pretty easy time co-opting DNS in their break-in attempts. Our aim has been to get BIND to the point where its only vulnerabilities are due to the DNS protocol, and not to the implementation. This paper describes our progress to date.
منابع مشابه
Provably Secure DNS: A Case Study in Reliable Software
We describe the use of formal methods in the development of IRONSIDES, an implementation of DNS with superior performance to both BIND and Windows, the two most common DNS servers on the Internet. More importantly, unlike BIND and Windows, IRONSIDES is impervious to all single-packet denial of service attacks and all forms of remote code execution.
متن کاملNew gTLD Security and Stability Considerations
The introduction of multitudes of new generic Top Level Domains (gTLDs) into the DNS (the Internet’s de facto name mapping system) will have far-reaching effects. Any party concerned with the issues of privacy, trust, confidence, or the overall security of the DNS after the addition of new gTLDs (either from the consumer or the operator perspective) is implicitly depending on the Internet Corpo...
متن کاملGDS Resource Record: Generalization ofthe Delegation Signer Model
Domain Name System Security Extensions (DNSSEC) architecture is based on public-key cryptography. A secure DNS zone has one or more keys to sign its resource records in order to provide two security services: data integrity and authentication. These services allow to protect DNS transactions and permit the detection of attacks on DNS. The DNSSEC validation process is based on the establishment ...
متن کاملTowards Plugging Privacy Leaks in Domain Name System
Privacy leaks are an unfortunate and an integral part of the current Internet domain name resolution. Each DNS query generated by a user reveals – to one or more DNS servers – the origin and target of that query. Over time, a user’s browsing behavior might be exposed to entities with little or no trust. Current DNS privacy leaks stem from fundamental features of DNS and are not easily fixable b...
متن کاملEnabling Secure On-Line DNS Dynamic Update
Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. In this paper, we point out two difficulties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS...
متن کامل