Abstract
The domain name system (DNS) is the most essential part of primary Internet infrastructure that translates hostnames to IP addresses. DNS server is available to all users to resolve their hostnames. They are not configured with any administrative control. DNS is an open resolver so that it is a hot cake for attackers to perform various attacks such as cache poisonings, DOS, and DDOS attacks. DNS only converts domain names to their matching IP addresses without providing any protection when sending messages. The man-in-the-middle can easily snoop into the insecure channel and can get the user’s sensitive information. Due to this drawback of DNS, we came across another more secure layer of DNSSEC. DNSSEC uses certificates to authenticate the servers, and hence, more secure than DNS. It protects the DNS from other vulnerabilities as well. However, DNSSEC has its security concerns like confidentiality, packet fragmentation, amplification attack, and mainly it is a strong source of a DDOS attack. In this paper, we discuss how to increase the security of DNSSEC protocol by adding an extra layer of security using the EV-SSL certificate to overcome DNS security threats.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
https://www.inetdaemon.com/tutorials/internet/dns/operation/hierarchy.shtml
Jalalzai MH, Shahid, WB, Iqbal MMW (2015) DNS security challenges and best practices to deploy secure DNS with digital signatures. In: Proceedings of 2015 12th international Bhurban conference on applied sciences and technology (IBCAST) Islamabad, Pakistan, 13–17 January 2015
Zou F, Zhang S, Pang L, Li L, Li J, Pei B (2016) Survey on DNS security. In: 2016 IEEE icon data science in cyberspace
Todd B (2000) Distributed Denial of service attacks, Feb. 18, 2000.http://www.linuxsecurity.com/resource/files/intrusion/detection/ddos–whitepaper.html
Peng T, Leckie C, Ramamohanarao K (2007) Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput Surv 39(1), Article 3
Tariq U, Hong M, Lhee K (2006) A comprehensive categorization of DDoS attack and DDoS defense techniques. ADMA LNAI 4093:1025–1036
Wikipedia. https://en.wikipedia.org
https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en
Shulman H, Waidner M (2014) Towards forensic analysis of attacks with DNSSEC. In: Proceedings of the 2014 IEEE security and privacy workshops, SPW’14, May 17–18, 2014, pp 69–76
GlobalSign GMO INTERNET GROUP, “SSL Information Center”. https://www.globalsign.com/en/ssl-informationcenter/what-is-an-ssl-certificate/
https://www.globalsign.com/en-au/ssl-information-center/what-is-an-ssl-certificate/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Usman Aijaz, N., Misbahuddin, M., Raziuddin, S. (2021). Survey on DNS-Specific Security Issues and Solution Approaches. In: Jat, D.S., Shukla, S., Unal, A., Mishra, D.K. (eds) Data Science and Security. Lecture Notes in Networks and Systems, vol 132. Springer, Singapore. https://doi.org/10.1007/978-981-15-5309-7_9
Download citation
DOI: https://doi.org/10.1007/978-981-15-5309-7_9
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-5308-0
Online ISBN: 978-981-15-5309-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)