Title :
Enhancing DNS security using the SSL trust infrastructure
Author :
Fetzer, Christof ; Pfeifer, Gert ; Jim, Trevor
Author_Institution :
Dept. of Comput. Sci., Dresden Univ. of Technol., Germany
Abstract :
The main functionality of the domain name system (DNS) is to translate symbolic names into IP addresses. Due to the criticality of DNS for the proper functioning of the Internet, many improvements have been proposed for DNS in terms of security and dependability. However, the current secure DNS (DNSSEC) standard has still several problems that need further consideration. For example, online updates and denial of service attacks are not sufficiently addressed. These problems are serious obstacles that might prevent DNSSEC from replacing the traditional DNS. In this paper we discuss several of these technical and economic problems. To address these issues, we propose a simple extension to the existing DNS. It is SSL based and individual domains can decide independently of each other if and when to adopt the extensions. We show how to implement these extensions with the help of a simple proxy DNS server.
Keywords :
Internet; security of data; DNS security; IP addresses; Internet; SSL trust infrastructure; data security; denial of service attacks; domain name system; online updates; proxy DNS server; Computer architecture; Computer crime; Computer science; Data security; Delay; Domain Name System; Large-scale systems; Standards development; Web and internet services; Web server;
Conference_Titel :
Object-Oriented Real-Time Dependable Systems, 2005. WORDS 2005. 10th IEEE International Workshop on
Print_ISBN :
0-7695-2347-1
DOI :
10.1109/WORDS.2005.33
