Why Bother Securing DNS?

  • Dieter Gollmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8809)

Abstract

The current state of DNS security is characterized by two opposing developments. DNSSEC introduces a PKI to support message authentication in the DNS protocol; DANE proposes to use this PKI also for provisioning TLS certificates. At the same time, PKIs are perceived as a major point of weakness; mechanisms like certificate pinning attempt to reduce the trust one needs to place in a PKI. We note that DNS provides rendezvous, identification, and introduction services and argue that this differentiation can reduce the impact of compromised trusted third parties.

Keywords

Domain Name System; TLS; DANE; Identification; Rendezvous services; Critical infrastructures

Notes

Acknowledgements

The author thanks Daniel Thomas for a constructive criticism of this paper.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. Security in Distributed Applications, Hamburg University of Technology, Hamburg, Germany
