This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Securing DNS: Extending DNS Servers with a DNSSEC Validator
September/October 2009 (vol. 7 no. 5)
pp. 36-43
ASCII Text
x 
 
Wouter C.A. Wijngaards, Benno J. Overeinder, "Securing DNS: Extending DNS Servers with a DNSSEC Validator," IEEE Security & Privacy, vol. 7, no. 5, pp. 36-43, September/October, 2009.
 
 
BibTex
x
 
@article{ 10.1109/MSP.2009.133,
author = {Wouter C.A. Wijngaards and Benno J. Overeinder},
title = {Securing DNS: Extending DNS Servers with a DNSSEC Validator},
journal ={IEEE Security & Privacy},
volume = {7},
number = {5},
issn = {1540-7993},
year = {2009},
pages = {36-43},
doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.133},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
}
 
 
RefWorks Procite/RefMan/Endnote
x 
 
TY - MGZN
JO - IEEE Security & Privacy
TI - Securing DNS: Extending DNS Servers with a DNSSEC Validator
IS - 5
SN - 1540-7993
SP36
EP43
EPD - 36-43
A1 - Wouter C.A. Wijngaards,
A1 - Benno J. Overeinder,
PY - 2009
KW - Domain Name System
KW - DNS
KW - DNSSEC
KW - security
KW - chain of trust
KW - DNSSEC validator
KW - caching resolver
VL - 7
JA - IEEE Security & Privacy
ER -
 
DNS Security Extensions (DNSSEC) is a proposed standard for securely authenticating information in the Domain Name System. DNSSEC validators check the digital signatures on DNS data. However, designing a validator worth the operational costs is a challenge. The authors examine several design options and discuss DNSSEC deployment's added cost to performance, using the Unbound caching validating resolver as an example.

1. D. Atkins and R. Austein, Threat Analysis of the Domain Name System (DNS), IETF RFC 3833, Aug. 2004; www.rfc-editor.org/rfc/rfc3833.txt.
2. M. Santcroos and O. Kolkman, DNS Threat Analysis, tech. report 2006-SE-01, NLnet Labs, May 2007.
3. A. Klein, "BIND 9 DNS Cache Poisoning," June 2007; www.trusteer.com/bind9dns.
4. D. Kaminsky, "Black Ops 2008: It's the End of the Cache As We Know It," keynote address, Black Hat USA 2008, Aug. 2008; www.doxpara.com/DMK_BO2K8.ppt.
5. A. Friedlander et al., "DNSSEC: A Protocol toward Securing the Internet Infrastructure," Comm. ACM, vol. 50, no. 6, 2007, pp. 44–50.
6. R. Aitchison, Pro DNS and BIND, Apress, 2005.
7. J. Jung et al., "DNS Performance and the Effectiveness of Caching," Proc. 1st ACM SIGCOMM Internet Measurement Workshop, ACM Press, 2001, pp. 153–167.
8. O. Kolkman, Measuring the Resource Requirements of DNSSEC, tech. report RIPE-352, RIPE NCC/NLnet Labs, Sept. 2005.
9. B. Ager, H. Dreger, and A. Feldmann, "Predicting the DNSSEC Overhead Using DNS Traces," Proc. 40th Ann. Conf. Information Sciences and Systems (CISS 06), IEEE Press, 2006, pp. 1484–1489.
10. E. Osterweil et al., "Quantifying the Operational Status of the DNSSEC Deployment," Proc. 8th ACM SIGCOMM Conf. Internet Measurement (IMC 08), ACM Press, 2008, pp. 231–241.
11. M. Larson and D. Blacka, "Port and Message ID Analysis of Resolvers Querying .com/.net Name Servers," Proc. Operations, Analysis, and Research Center Workshop (OARC 08), DNS-OARC, 2008; www.dns-oarc.net/oarc/workshop-2008/agenda.

Index Terms:
Domain Name System, DNS, DNSSEC, security, chain of trust, DNSSEC validator, caching resolver
Citation:
Wouter C.A. Wijngaards, Benno J. Overeinder, "Securing DNS: Extending DNS Servers with a DNSSEC Validator," IEEE Security & Privacy, vol. 7, no. 5, pp. 36-43, Sept.-Oct. 2009, doi:10.1109/MSP.2009.133
Usage of this product signifies your acceptance of the Terms of Use.