Issue No.05 - September/October (2009 vol.7)
Wouter C.A. Wijngaards , NLnet Labs
Benno J. Overeinder , NLnet Labs
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.133
DNS Security Extensions (DNSSEC) is a proposed standard for securely authenticating information in the Domain Name System. DNSSEC validators check the digital signatures on DNS data. However, designing a validator worth the operational costs is a challenge. The authors examine several design options and discuss DNSSEC deployment's added cost to performance, using the Unbound caching validating resolver as an example.
Domain Name System, DNS, DNSSEC, security, chain of trust, DNSSEC validator, caching resolver
Wouter C.A. Wijngaards, Benno J. Overeinder, "Securing DNS: Extending DNS Servers with a DNSSEC Validator", IEEE Security & Privacy, vol.7, no. 5, pp. 36-43, September/October 2009, doi:10.1109/MSP.2009.133