Algorithm for DNSSEC trusted key rollover
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
The Domain Name System (DNS) is a distributed tree-based database largely used to translate a human-readable machine name into an IP address. The DNS security extensions (DNSSEC) have been designed to protect the DNS protocol using public key cryptography and digital signatures. Every secure DNS zone owns at least one key pair (public/private) to provide two security services: data integrity and authentication. To trust some DNS data, a DNS client has to verify the signature of this data with the right zone key. This verification is based on the establishment of a chain of trust. To build this chain of trust, a DNSSEC client needs a secure entry point: a zone key configured as trusted in the client. In this paper, we study the management problem of this kind of key, also called the trusted key rollover problem. We propose a new resource record (RR) to automate this rollover and avoid the inconsistency problem between the resolver key set and the name server key set. Without our new record and solution, solving this problem requires action by an administrator.