This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Open Issues in Secure DNS Deployment
September/October 2009 (vol. 7 no. 5)
pp. 29-35
Ramaswamy Chandramouli, National Institute of Standards and Technology
Scott Rose, National Institute of Standards and Technology
The Domain Name System's growth has been unprecedented, but protocol vulnerabilities threaten its stability and trustworthiness. The Internet Engineering Task Force's DNS Security Extensions specification aims to protect the system from these attacks.

1. R. Chandramouli and S. Rose, Secure Domain Name System (DNS) Deployment, NIST special publication (SP 800-81); http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf.
2. D. Atkins and R. Austein, Threat Analysis of the Domain Name System (DNS), IETF RFC 3833, Aug. 2004; www.ietf.org/rfc/rfc3833.txt.
3. G. Lawton, "Stronger Domain Name System Thwarts Root-Server Attacks," Computer, vol. 40, no. 5, 2007, pp. 14–17.
4. R. Arends et al., DNS Security Introduction and Requirements, IETF RFC 4033, Mar. 2005; www.ietf.org/rfc/rfc4033.txt.
5. R. Arends et al., Resource Records for the DNS Security Extensions, IETF RFC 4034, Mar. 2005; www.ietf.org/rfc/rfc4034.txt.
6. R. Arends et al., Protocol Modifications for the DNS Security Extensions, IETF RFC 4035, Mar. 2005; www.ietf.org/rfc/rfc4035.txt.
7. O. Kolkman et al., DNSSEC Operational Practices, IETF RFC 4641, Sept. 2006; www.ietf.org/rfc/rfc4641.txt.
8. Federal Information Processing Standard 180-3, Secure Hash Standard (SHS), FIPS, Oct. 2008.
9. E. Barker et al., Recommendations for Key Management Part 1: General, NIST Special Publication 800-57, Part 1, Mar. 2007; http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1-revised2_Mar08-2007.pdf.
10. E. Barker et al., Recommendations for Key Management Part 3: Application- Specific Key Management Guidance, NIST special publication 800-57, Part 3, Oct. 2008; http://csrc.nist.gov/publications/drafts/800-57-part3/Draft_SP800-57-Part3_Recommendationsforkeymanagement.pdf.
11. P. Vixie, Extension Mechanisms for DNS (EDNS0), IETF RFC 2671, Aug. 1999; www.ietf.org/rfc/rfc2671.txt.
12. "Trust Anchor Repositories—Statement of Needed Internet Capability," SPARTA, Shinkuro, and NIST, June 2008; www.dnssec-deployment.org/tar/tarpaper.pdf.
13. M. St. Johns, Automated Updates of DNS Security (DNSSEC) Trust Anchors, IETF RFC 5011, Sept. 2007; www.ietf.org/rfc/rfc5011.txt.
14. S. Weiler, DNSSEC Lookaside Validation (DLV), IETF RFC 5074 (informational), Nov. 2007; www.ietf.org/rfc/rfc5074.txt.

Index Terms:
Domain Name System, secure transactions, query/response, IETF specifications, DNS
Citation:
Ramaswamy Chandramouli, Scott Rose, "Open Issues in Secure DNS Deployment," IEEE Security & Privacy, vol. 7, no. 5, pp. 29-35, Sept.-Oct. 2009, doi:10.1109/MSP.2009.129
Usage of this product signifies your acceptance of the Terms of Use.