Survey on Domain Name System Security

The Domain Name System (DNS) is one of the most crucial components of the Internet, yet because of weaknesses in its design and implementation its security has been challenged continuously in recent years. To understand the root causes of these security risks, this survey reviews research on DNS security and summarizes the vulnerabilities in DNS together with the corresponding countermeasures. First, starting from the protocol design and implementation of DNS, the weaknesses are grouped into five categories: cache poisoning, denial of service, software vulnerabilities, information leakage, and unauthorized data manipulation. Then the fundamental properties of, and defense approaches for, each of the five categories are analyzed. Next, new secure DNS architectures proposed to improve the Internet name service are analyzed and compared. Finally, future directions for research in DNS security are discussed.
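An added illustration of the first category, cache poisoning, that is not part of the survey: the acceptance checks a recursive resolver applies to a response before it will cache the records in it. The minimal wire-format builder and parser below are written for this example; all messages are constructed inline, the transaction ID, port number, names and addresses are made up, and the `pending` dictionary stands in for the resolver's record of an outstanding query.

```python
import struct

# Constructed example: minimal DNS wire-format helpers plus the checks a
# recursive resolver makes before caching a response. Only uncompressed
# names and A records are generated; the parser also follows the 0xC0xx
# compression pointers that real servers emit.

def norm(name: str) -> str:
    return name.lower().rstrip(".") + "."

def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg: bytes, off: int):
    """Return (name, offset just past the name), following compression pointers."""
    labels, jumped, end = [], False, None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = off + 2                       # name ends after first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels).lower() + ".", (end if jumped else off)

def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)      # RD=1
    return hdr + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid: int, qname: str, owner: str, ip: str, qtype: int = 1, ttl: int = 300) -> bytes:
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)      # QR=1 RD=1 RA=1, one answer
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(x) for x in ip.split("."))
    answer = encode_name(owner) + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return hdr + question + answer

def in_bailiwick(owner: str, zone: str) -> bool:
    return owner == zone or owner.endswith("." + zone)

def accept_response(pending: dict, dst_port: int, msg: bytes):
    """pending = {'txid','port','qname','qtype','zone'} recorded when the query left.
    Returns (accepted, reason, answers). Each check is one value an off-path
    forger would otherwise have to guess or could otherwise inject for free."""
    if dst_port != pending["port"]:                 # reply must hit the ephemeral source port
        return False, "port mismatch", []
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != pending["txid"]:                     # 16-bit transaction ID must match
        return False, "txid mismatch", []
    if not flags & 0x8000:
        return False, "not a response", []
    if qd != 1:
        return False, "bad question count", []
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    if (qname, qtype, qclass) != (norm(pending["qname"]), pending["qtype"], 1):
        return False, "question mismatch", []        # answer must echo the question asked
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if not in_bailiwick(owner, norm(pending["zone"])):
            # records for names outside the queried server's zone are not cached
            return False, "out-of-bailiwick answer " + owner, []
        value = ".".join(str(b) for b in rdata) if rtype == 1 else rdata
        answers.append((owner, rtype, ttl, value))
    return True, "ok", answers

def demo():
    # Made-up outstanding query to the example.com. name servers from port 49211.
    pending = {"txid": 0x1A2B, "port": 49211, "qname": "www.example.com.",
               "qtype": 1, "zone": "example.com."}
    good = build_response(0x1A2B, "www.example.com.", "www.example.com.", "93.184.216.34")
    wrong_id = build_response(0x1A2C, "www.example.com.", "www.example.com.", "10.0.0.1")
    foreign = build_response(0x1A2B, "www.example.com.", "www.bank.test.", "10.0.0.1")
    return [
        accept_response(pending, 49211, good),      # accepted
        accept_response(pending, 49211, wrong_id),  # txid mismatch
        accept_response(pending, 49211, foreign),   # out-of-bailiwick answer
        accept_response(pending, 53, good),         # port mismatch
    ]

if __name__ == "__main__":
    for accepted, reason, answers in demo():
        print(accepted, reason, answers)
```

With a fixed source port, only the transaction ID stands between an off-path attacker and the cache, so source-port randomization and the bailiwick rule (the trust ranking of RFC 2181) are the standard non-cryptographic mitigations, and DNSSEC is the cryptographic one.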
