Protecting the Domain Name System

The Domain Name System (DNS) is the worldwide system that associates a category of digital identifiers, called domains, with a variety of data. The identified threats to DNS communications and components are listed in the Internet Engineering Task Force´s specification (RFC 3833). They are: Packet Interception, ID Guessing and Query Prediction, Cache Poisoning, etc. It is clear therefore that the DNS is still far from secure. Existing flaws can affect public Internet users as well as enterprise users. The ISP´s recursive resolvers, as well as enterprise ones, have to be secured. The aim of this paper is brings the latest changes in this crucial service and possible solutions for verifying the authenticity and protecting the integrity of the DNS data in the communication between the recursive resolvers and authoritative servers as well as explaining DNSSEC the security extension to the DNS that, if deployed, can solve the cache poisoning problem.