DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC

Krishnaswamy, Suresh; Hardaker, Wes; Mundy, Russ

doi:10.1109/catch.2009.21

Cited by 9 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One of the earliest proposed solutions to resolve DNS vulnerabilities is the DNSSEC extension developed by the Internet Engineering Task Force (IETF) and published in 1997 [4]. This extension adds security measures to the original DNS protocol by using cryptography.…”

Section: Dns Security Issuesmentioning

confidence: 99%

Security analysis and solution for thwarting cache poisoning attacks in the Domain Name System

Bassil

Hobeica

Itani

et al. 2012

2012 19th International Conference on Telecommunications (ICT)

View full text Add to dashboard Cite

The Domain Name System is a crucial part of the Internet's infrastructure, as it provides basic information that is vital for the proper operation of the Internet. The importance of DNS has caused it to be targeted by malicious attackers who are interested in causing damage and gaining personal benefits. Thus nowadays, DNS faces many security threats such as DNS spoofing and cache poisoning attacks. This paper presents S-DNS, an efficient security solution for thwarting cache poisoning attacks in the DNS hierarchy. The contribution of the S-DNS protocol lies in: (1) decreasing the success probability of DNS spoofing and cache poisoning by preventing man-in-the-middle attacks, (2) providing a backward compatible and simple security solution with low computation and communication overheads, (3) targeting the different DNS query interaction models from iterative, recursive, and caching schemes, and (4) employing an efficient IdentityBased Encryption key management scheme that relieves the different DNS interacting entities from the burden and complexities of traditional public-key infrastructures.

show abstract

Section: Dns Security Issuesmentioning

confidence: 99%

Security analysis and solution for thwarting cache poisoning attacks in the Domain Name System

Bassil

Hobeica

Itani

et al. 2012

2012 19th International Conference on Telecommunications (ICT)

View full text Add to dashboard Cite

show abstract

“…The method once again decreases the probability of success attack, but it has some limitation such as that not all the DNS server is case sensitive and can't either stop the attacker completely. Some other strategies such as DNSSEC [5,9] and TSIG [12] can almost terminate the cache poisoning attack by using complicated cryptology and authorization mechanism, but modification of existing DNS are needed and hard to deploy.…”

Section: Introductionmentioning

confidence: 99%

“…People tried to find ways to enhance the security of DNS and get some improvement [1][2][3][4][5][6][7][8][9][10][11][12]. First widely used strategy is transaction ID randomizing [10].…”

Section: Introductionmentioning

confidence: 99%

Prevent DNS Cache Poisoning Using Security Proxy

Fan

Wang

Cheng

et al. 2011

2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies

View full text Add to dashboard Cite

DNS has been suffering from cache poisoning attack for a long time. The attacker sends camouflaged DNS response to trick the domain name server, and inserts malicious resource record into the cached database. Because the original DNS protocol only depends on 16-bit transaction ID to verify the response packet, it is prone to be guessed by the attacker. Although many strategies such as transaction randomizing, source port randomizing and the 0x20 technique have been applied to improve the resistance of DNS, the attacker still has chance to poison DNS server in an acceptable time. Other more complicated strategy such as DNSSEC which provides stricter prevention mechanism is not easy to deploy and is not widely adopted yet. To address the problem, we present a novel strategy called Security Proxy. The architecture can be easily implemented and deployed on existing DNS server without modification of DNS server itself. The embedded two schemes Selective Re-Query and Security Label Communication can cooperate and effectively prevent the cache poisoning attack. We analyze our strategy from both the capability and efficiency. Then we find that our Security Proxy has obvious advantage over the original transaction ID, the source port randomizing and 0x20 techniques.

show abstract

Oh SSH-it, What’s My Fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS

Neef¹,

Wisiol²

2022

Cryptology and Network Security

View full text Add to dashboard Cite

DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC

Cited by 9 publications

References 8 publications

Security analysis and solution for thwarting cache poisoning attacks in the Domain Name System

Security analysis and solution for thwarting cache poisoning attacks in the Domain Name System

Prevent DNS Cache Poisoning Using Security Proxy

Oh SSH-it, What’s My Fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS

Contact Info

Product

Resources

About