DocumentCode :
1492876
Title :
Protecting the DNS from Routing Attacks: Two Alternative Anycast Implementations
Author :
Avramopoulos, Ioannis ; Suchara, Martin
Author_Institution :
Deutsche Telekom Labs., Berlin, Germany
Volume :
7
Issue :
5
fYear :
2009
Firstpage :
14
Lastpage :
20
Abstract :
The domain name system is a critical piece of the Internet and supports most Internet applications. Because it´s organized in a hierarchy, its correct operation depends on the availability of just a few servers at the hierarchy´s upper levels. These backbone servers are vulnerable to routing attacks in which adversaries controlling part of the routing system try to hijack the server address space. Using routing attacks in this way, an adversary can compromise the Internet´s availability and integrity at a global scale. In this article, the authors evaluate the relative resilience to routing attacks of two alternative anycast DNS implementations. The first operates at the network layer and the second at the application layer. The evaluation informs fundamental DNS design decisions and an important debate on the routing architecture of the Internet.
Keywords :
Internet; telecommunication network routing; telecommunication security; DNS protection; Internet availability; backbone server address space; domain name system; routing attack; Computer crime; Control systems; Domain Name System; Internet; Network servers; Protection; Resilience; Routing; Spine; Web server; DNS; Domain Name System; anycast; secure routing;
fLanguage :
English
Journal_Title :
Security & Privacy, IEEE
Publisher :
ieee
ISSN :
1540-7993
Type :
jour
DOI :
10.1109/MSP.2009.131
Filename :
5280126
Link To Document :
بازگشت