Name resolution using the Domain Name System (DNS) is integral to today's Internet. The resolution of a domain name is often dependent on namespace outside the control of the domain's owner. In this article we review the DNS protocol and several DNS server implementations. Based on our examination, we propose a formal model for analyzing the name dependencies inherent in DNS. Using our name dependency model we derive metrics to quantify the extent to which domain names affect other domain names. It is found that under certain conditions, more than half of the queries for a domain name are influenced by namespaces not expressly configured by administrators. This result serves to quantify the degree of vulnerability of DNS due to dependencies that administrators are unaware of. When we apply metrics from our model to production DNS data, we show that the set of domains whose resolution affects a given domain name is much smaller than previously thought. However, behaviors such as using cached addresses for querying authoritative servers and chaining domain name aliases increase the number and diversity of influential domains, thereby making the DNS infrastructure more vulnerable.