DNSSEC: Security and availability challenges

Amir Herzberg, Haya Shulman

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

26 Scopus citations

Abstract

DNSSEC was proposed more than 15 years ago but its (correct) adoption is still very limited. Recent cache poisoning attacks motivate deployment of DNSSEC. In this work we present a comprehensive overview of challenges and potential pitfalls of DNSSEC, including:

▶ Vulnerable configurations: we show that inter-domain referrals (via NS, MX and CNAME records) present a challenge for DNSSEC deployment and may result in vulnerable configurations. Due to the limited deployment so far, these configurations are expected to be popular.

▶ Incremental Deployment: we discuss implications of interoperability problems on DNSSEC validation by resolvers and potential for increased vulnerability due to popular practices of incremental deployment.

▶ Super-sized Response Challenges: we explain how large DNSSEC-enabled DNS responses cause interoperability challenges, and can be abused for DoS and even DNS poisoning.

Original language: English
Title of host publication: 2013 IEEE Conference on Communications and Network Security, CNS 2013
Publisher: IEEE Computer Society
Pages: 365-366
Number of pages: 2
ISBN (Print): 9781479908950
State: Published - 2013
Event: 1st IEEE International Conference on Communications and Network Security, CNS 2013 - Washington, DC, United States
Duration: 14 Oct 2013 - 16 Oct 2013

Publication series

Name: 2013 IEEE Conference on Communications and Network Security, CNS 2013

Conference

Conference: 1st IEEE International Conference on Communications and Network Security, CNS 2013
Country/Territory: United States
City: Washington, DC
Period: 14/10/13 - 16/10/13
