Sciweavers

NDSS
2009
IEEE

Recursive DNS Architectures and Vulnerability Implications

DNS implementers face numerous choices in architecting DNS resolvers, each with profound implications for security. Absent the use of DNSSEC, there are numerous interim techniques to improve DNS forgery resistance. We explore how different resolver architectures can affect the risk of DNS poisoning. The contributions of this work include: (A) We create a comprehensive, accurate model of DNS poisoning. We show how this model is more sensitive than other previous explanations of DNS poisoning. (B) We further catalog the major architectural choices DNS implementers can make in query management. We note real-world instances where these choices have weakened the security of resolvers, and measure the impact on security using our model. Our study revealed numerous, previously unknown vulnerabilities in common DNS servers.
Added 21 May 2010
Updated 21 May 2010
Type: Conference
Year: 2009
Where: NDSS
Authors: David Dagon, Manos Antonakakis, Kevin Day, Xiapu Luo, Christopher P. Lee, Wenke Lee