poster

POSTER: On the Resilience of DNS Infrastructure

Authors:
Haya Shulman

Technische Universität Darmstadt, darmstadt, Germany

Technische Universität Darmstadt, darmstadt, Germany
View Profile

,
Shiran Ezra

Bar Ilan University, Ramat-Gan, Israel

Bar Ilan University, Ramat-Gan, Israel
View Profile

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2014Pages 1499–1501https://doi.org/10.1145/2660267.2662376

Published:03 November 2014Publication History

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 1499–1501

ABSTRACT

We study the operational characteristics of the DNS infrastructure: transitive-trust, coresidence and servers placement. We discuss how these factors impact resilience, stability and security of the DNS services. As our study indicates, common configuration choices, that domain operators make, result in a fragile DNS infrastructure, susceptible to malicious attacks and benign failures. We provide recommendations for improving robustness of DNS.

References

A. Herzberg and H. Shulman. DNSSEC: Security and Availability Challenges. In Communications and Network Security (CNS), 2013 IEEE Conference on, pages 365--366. IEEE, 2013.Google ScholarCross Ref
A. Herzberg and H. Shulman. Fragmentation Considered Poisonous: or one-domain-to-rule-them-all.org. In CNS 2013. The Conference on Communications and Network Security. IEEE. IEEE, 2013.Google ScholarCross Ref
A. Herzberg and H. Shulman. Retrofitting Security into Network Protocols: The Case of DNSSEC. Internet Computing, IEEE, 18(1):66--71, 2014. Google ScholarDigital Library
V. Ramasubramanian and E. Sirer. Perils of transitive trust in the domain name system. In Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement, pages 35--35. USENIX Association, 2005. Google ScholarDigital Library

Index Terms

POSTER: On the Resilience of DNS Infrastructure
1. Networks
  1. Network protocols

Recommendations

Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Authoritative nameservers are delegated to provide the final resource record. Since the security and robustness of DNS are critical to the general operation of the Internet, domain name owners are required to deploy multiple candidate nameservers for ...
Read More
A Selective Re-Query Case Sensitive Encoding Scheme Against DNS Cache Poisoning Attacks

A domain name system (DNS) with a hierarchical domain name resolution scheme plays an important role in today's Internet surfing. To protect DNS against cache poisoning attacks is a key issue to achieve Internet security. A lot of defense schemes have ...
Read More
Antidotes for DNS Poisoning by Off-Path Adversaries
ARES '12: Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security

Following to Kaminsky's attack (2008), cachingresolvers were patched with defenses against poisoning. So far, the main improvements were non-cryptographic and easy todeploy (requiring changes only in resolvers). Some of theseimprovements are widely ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA
Copyright © 2014 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 November 2014
Check for updates
Author Tags
DNS reliability
DNS security
coresidence
name server
zone file
Qualifiers
- poster
Conference

Acceptance Rates
CCS '14 Paper Acceptance Rate114of585submissions,19%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 4
  Total Citations
  View Citations
- 241
  Total Downloads
- Downloads (Last 12 months)8
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

POSTER: On the Resilience of DNS Infrastructure

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers

A Selective Re-Query Case Sensitive Encoding Scheme Against DNS Cache Poisoning Attacks

Antidotes for DNS Poisoning by Off-Path Adversaries