Enhancing DNS security using the SSL trust infrastructure

Author

Fetzer, Christof ; Pfeifer, Gert ; Jim, Trevor

Author_Institution

Dept. of Comput. Sci., Dresden Univ. of Technol., Germany

fYear

2005

fDate

2-4 Feb. 2005

Firstpage

21

Lastpage

27

Abstract

The main functionality of the domain name system (DNS) is to translate symbolic names into IP addresses. Due to the criticality of DNS for the proper functioning of the Internet, many improvements have been proposed for DNS in terms of security and dependability. However, the current secure DNS (DNSSEC) standard has still several problems that need further consideration. For example, online updates and denial of service attacks are not sufficiently addressed. These problems are serious obstacles that might prevent DNSSEC from replacing the traditional DNS. In this paper we discuss several of these technical and economic problems. To address these issues, we propose a simple extension to the existing DNS. It is SSL based and individual domains can decide independently of each other if and when to adopt the extensions. We show how to implement these extensions with the help of a simple proxy DNS server.

Keywords

Internet; security of data; DNS security; IP addresses; Internet; SSL trust infrastructure; data security; denial of service attacks; domain name system; online updates; proxy DNS server; Computer architecture; Computer crime; Computer science; Data security; Delay; Domain Name System; Large-scale systems; Standards development; Web and internet services; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

Object-Oriented Real-Time Dependable Systems, 2005. WORDS 2005. 10th IEEE International Workshop on

ISSN

1530-1443

Print_ISBN

0-7695-2347-1

Type

conf

DOI

10.1109/WORDS.2005.33

Filename

1544774