ConfiDNS: leveraging scale and history to improve DNS security
WORLDS'06 Proceedings of the 3rd conference on USENIX Workshop on Real, Large Distributed Systems - Volume 3
Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries
Proceedings of the 15th ACM conference on Computer and communications security
DepenDNS: Dependable Mechanism against DNS Cache Poisoning
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
ISC'10 Proceedings of the 13th international conference on Information security
Recently, a new scheme to protect clients against DNS cache poisoning attacks was introduced. The scheme is referred to as DepenDNS and is intended to protect clients against such attacks while being secure, practical, efficient and conveniently deployable. In our paper we examine the security and the operational aspects of DepenDNS. We highlight a number of severe operational deficiencies that the scheme has failed to address. We show that cache poisoning and denial of service attacks are possible against the scheme. Our findings and recommendations have been validated with real data collected over time.