The Community for Technology Leaders
RSS Icon
Issue No.05 - September/October (2009 vol.7)
pp: 44-51
Eric Osterweil , University of California, Los Angeles
Lixia Zhang , University of California, Los Angeles
The Domain Name System (DNS) has been a critical component of the Internet since the 1980s. Incidents from the wild, such as recent cache poisoning exploits, emphasize that it's vulnerable to attacks. DNS Security Extensions (DNSSEC) define a way to use cryptography for end-to-end protection of DNS data. Although the visible deployment of DNSSEC has grown at a tremendous rate, evidence suggests that the management of cryptographic keys is deceptively complex and has led to visible misconfigurations. Here, the authors outline the problem of managing DNSKEYs as it stands today, and where there exist competing proposed solutions, present a survey comparison.
network-level security and protection, communication/networking and information technology, computer systems organization, network management, network operations, public key cryptosystems, data encryption
Eric Osterweil, Lixia Zhang, "Interadministrative Challenges in Managing DNSKEYs", IEEE Security & Privacy, vol.7, no. 5, pp. 44-51, September/October 2009, doi:10.1109/MSP.2009.126
1. P. Mockapetris and K.J. Dunlap, "Development of the Domain Name System," Proc. SIGCOMM Conf. (SIGCOMM 88), ACM Press, 1988, pp. 123–133.
2. CERT, Cert vulnerability note vu#800113, 2008;
3. R. Arends et al., DNS Security Introduction and Requirement, IETF RFC 4033, Mar. 2005;
4. R. Arends et al., Resource Records for the DNS Security Extensions, IETF RFC 4034, Mar. 2005;
5. R. Arends et al., Protocol Modifications for the DNS Security Extensions, IETF RFC 4035, Mar. 2005;
6. S.M. Bellovin, "Using the Domain Name System for System Break-ins," Proc. 5th Usenix Unix Security Symp., Usenix Assoc., 1995, pp. 199–208.
7. D. Atkins and D. Austein, Threat Analysis of the Domain Name System (DNS), IETF RFC 3833, Aug. 2004;
8. O. Kolkman and R. Gieben, DNSSEC Operational Practices, IETF RFC 4641, Sept. 2006;
9. E. Osterweil et al., "Quantifying the Operational Status of the DNSSEC Deployment," Proc. 8th ACM SIGCOMM Conf. Internet Measurement (IMC 08), ACM Press, 2008, pp. 231–242.
10. S. Weiler, DNSSEC Lookaside Validation (DLV), IETF RFC 5074, Sparta, Nov. 2007;
20 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool