Skip to main content
SpringerLink
Log in

Why Bother Securing DNS?

  • Conference paper
  • First Online:
Security Protocols XXII (Security Protocols 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8809))

Included in the following conference series:

Abstract

The current state of DNS security is characterized by two opposing developments. DNSSEC introduces a PKI to support message authentication in the DNS protocol; DANE proposes to use this PKI also for provisioning TLS certificates. At the same time, PKIs are perceived as a major point of weakness; mechanisms like certificate pinning attempt to reduce the trust one needs to place in a PKI. We note that DNS provides rendezvous, identification, and introduction services and argue that this differentiation can reduce the impact of compromised trusted third parties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html

  2. 2.

    https://www.fehcom.net/diary/2014/20140212.html, http://www.heise.de/newsticker/meldung/DNS-Server-des-CCC-Anfaellig-wegen- veralteter-Software-2112171.html

  3. 3.

    http://www.root-dnssec.org/

  4. 4.

    http://stats.research.icann.org/dns/tld_report/

  5. 5.

    https://www.iana.org/dnssec/icann-dps.txt

  6. 6.

    http://tools.ietf.org/html/draft-jabley-dnssec-trust-anchor-07

  7. 7.

    http://www.onderzoeksraad.nl/uploads/items-docs/1833/Rapport_Diginotar_EN_ summary.pdf

  8. 8.

    https://twitter.com/mikko/status/327170802673917952

  9. 9.

    http://tools.ietf.org/html/draft-nikander-ram-ilse-00

References

  1. Aura, T., Roe, M., Arkko, J.: Security of internet location management. In: Proceedings of the 18th Annual Computer Security Applications Conference, pp. 78–87, December 2002

    Google Scholar 

  2. Day, K.: Rapid DNS poisoning in djbdns, February 2009. http://www.your.org/dnscache/djbdns.pdf. Accessed 5 June 2014

  3. Dean, D., Felten, E.W., Wallach, D.S.: Java security: from HotJava to Netscape and beyond. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, pp. 190–200 (1996)

    Google Scholar 

  4. Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting browsers from DNS rebinding attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 421–431 (2007)

    Google Scholar 

  5. Johns, M.: (Somewhat) breaking the same-origin policy by undermining DNS pinning. Posting to the Bug Traq mailing list, August 2006. http://www.securityfocus.com/archive/107/443429/30/180/threaded. Accessed 5 June 2014

  6. Schuba, C.: Addressing weaknesses in the domain name system protocol. Ph.D. thesis, Purdue University (1993)

    Google Scholar 

Download references

Acknowledgements

The author thanks Daniel Thomas for a constructive criticism of this paper.

Author information

Authors and Affiliations

  1. Security in Distributed Applications, Hamburg University of Technology, Hamburg, Germany

    Dieter Gollmann

Authors
  1. Dieter Gollmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dieter Gollmann .

Editor information

Editors and Affiliations

  1. University of Hertfordshire, Hertfordshire, United Kingdom

    Bruce Christianson

  2. University of Hertfordshire, Hertfordshire, United Kingdom

    James Malcolm

  3. Masaryk University Faculty of Informatics, Brno, Czech Republic

    Vashek Matyáš

  4. Masaryk University Faculty of Informatics, Brno, Czech Republic

    Petr Å venda

  5. University of Cambridge, Cambridge, United Kingdom

    Frank Stajano

  6. Memorial University of Newfoundland, St. John's, Newfoundland and Labrador, Canada

    Jonathan Anderson

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Gollmann, D. (2014). Why Bother Securing DNS?. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds) Security Protocols XXII. Security Protocols 2014. Lecture Notes in Computer Science(), vol 8809. Springer, Cham. https://doi.org/10.1007/978-3-319-12400-1_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-12400-1_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12399-8

  • Online ISBN: 978-3-319-12400-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation