Security vulnerabilities in DNS and DNSSEC

Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007

Volumn , Issue , 2007, Pages 335-342

  Ariyapperuma, Suranjith ^a   Mitchell, Chris J ^a  

^a UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

Cryptography; DNS; DNSSEC; Security

Indexed keywords

COMPUTER ARCHITECTURE; COMPUTER CRIME; CRYPTOGRAPHY; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; ROBUST CONTROL;

DOMAIN NAME SYSTEM (DNS); INTERNET ENGINEERING TASK FORCE (IETF); MAN IN THE MIDDLE (MITM) ATTACKS; OPERATIONAL FLAWS;

NETWORK SECURITY;

EID: 34548170285     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2007.139     Document Type: Conference Paper

References (32)

1. D. E. 3rd. Secure domain name system dynamic update. RFC 2137, Internet Engineering Task Force, Apr. 1997.
2. D. E. 3rd. DNS security operational considerations. RFC 2541, Internet Engineering Task Force, Mar. 1999.
3. D. E. 3rd. DSA KEYs and SIGs in the domain name system (DNS). RFC 2536, Internet Engineering Task Force, Mar. 1999.
4. D. E. 3rd. RSA/MD5 KEYs and SIGs in the domain name system (DNS). RFC 2537, Internet Engineering Task Force, Mar. 1999.
5. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS security introduction and requirements. RFC 4033, Internet Engineering Task Force, Mar. 2005.
6. D. Atkins and R. Austein. Threat analysis of the domain name system (DNS). RFC 3833, Internet Engineering Task Force, Aug. 2004.
7. S. M. Bellovin, J. Schiller, and C. Kaufman. Security mechanisms for the Internet. RFC 3631, Internet Engineering Task Force, Dec. 2003.
8. N. Brownlee, K. Claffy, and E. Nemeth. DNS measurements at a root server. Technical report, Cooperative Association for Internet Data Analysis -CAIDA, San Diego Supercomputer Center, University of California, San Diego, 2001.
9. D. W. Chadwick and G. Zhao, editors. Public Key Infrastructure, Second European PKI Workshop: Research and Applications, EuroPKI 2005, Canterbury, UK, June 30 - July 1, 2005, Revised Selected Papers, volume 3545 of Lecture Notes in Computer Science. Springer, 2005.
10. B. Cohen. DNSSEC: Security for Essential Network Services. Enterprise Networking Planet, 2003.
11. I. A. Finlay. CERT advisory CA-2002-15 denial-of-service vulnerability in ISC BIND 9. Internet, 2002.
12. R. Gieben. DNSSEC in NL Final Report. Technical report, NLnet Labs, 2004.
13. L. Grangeia. Dns cache snooping. Technical report, Securi Team -Beyond Security, February 2004.
14. O. M. Kolkman. Measuring the resource requirements of dnssec. Technical report, RIPE NCC / NLnet Labs, October 2005.
15. B. Laurie, G. Sisson, R. Arends, and D. Blacka. Dnssec hashed authenticated denial of existence draftietf-dnsext-nsec3-06. Technical report, Internet Engineering Task Force, June 2006.
16. J. Leyden. Phishing morphs into pharming. Technical report, www.theregister.co.uk.
17. P. Mockapetris and K. J. Dunlap. Development of the domain name system. In SIGCOMM '88: Symposium proceedings on Communications architectures and protocols, pages 123-133, New York, NY, USA, 1988. ACM Press.
18. P. V. Mockapetris. Domain names - concepts and facilities. RFC 1034, Internet Engineering Task Force, Nov. 1987.
19. P. V. Mockapetris. Domain names - implementation and specification. RFC 1035, Internet Engineering Task Force, Nov. 1987.
20. R. Naraine. Massive DDoS attack hit DNS root servers. Technical report, Internet News -www.internetnews.com, 2002.
21. G. Ollmann. The phishing guide. Technical report, Next Generation Security Software (NGS), 2005.
22. C. Partridge and G. Trewitt. HEMS variable definitions. RFC 1024, Internet Engineering Task Force, Oct. 1987.
23. C. L. Paul Albitz. DNS and BIND. O'Reilly, 2001.
24. J. B. Postel. TCP and IP bake off. RFC 1025, Internet Engineering Task Force, Sept. 1987.
25. Reseaux IP Europeens (RIPE) NCC. K-root statistics, k.root-servers.net. Technical report, Reseaux IP Europeens, 2004.
26. Sainstitute. Attacking the DNS Protocol Security Paper v2. Technical report, Security Associates Institute, 2003.
27. M. Schiffman. Bound by tradition: A sampling of the security posture of the internet's DNS servers. Internet, 2003.
28. J. Udell. Needed: Rapid internet response. Technical report, Infoworld - www.infoworld.com, 2004.
29. P. Vixie. Extension mechanisms for DNS (EDNSO). RFC 2671, Internet Engineering Task Force, Aug. 1999.
30. P. Vixie, S. Thomson, Y Rekhter, and J. Bound. Dynamic updates in the domain name system (DNS UP-DATE). RFC 2136, Internet Engineering Task Force, Apr. 1997.
31. S. Weiler and J. Ihren. Minimally covering NSEC records and DNSSEC on-line signing. RFC 4070, Internet Engineering Task Force, Apr. 2006.
32. D. Wessels and M. Fomenkov. Wow, that's a lot of packets. Technical report, Cooperative Association for Internet Data Analysis -CAIDA, San Diego Supercomputer Center, University of California, San Diego, 2003.