Using the domain name system for system break-ins
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
SCIT-DNS: critical infrastructure protection through secure DNS server dynamic updates
Journal of High Speed Networks - Special issue on trusted internet workshop (TIW) 2004
A DNS filter and switch for packet-filtering gateways
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Public Key distribution with secure DNS
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Using the domain name system for system break-ins
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
The globe distribution network
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Cget, Cput, and stage: safe file transport tools for the internet
ATEC '97 Proceedings of the annual conference on USENIX Annual Technical Conference
On the performance and analysis of DNS security extensions
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Socket overloading for fun and cache-poisoning
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Efforts are underway to add security to the DNS protocol. We have observed that if BIND would just do what the DNS specifications say it should do, stop crashing, and start checking its inputs, then most of the existing security holes in DNS as practiced would go away. To be sure, attackers would still have a pretty easy time co-opting DNS in their break-in attempts. Our aim has been to get BIND to the point where its only vulnerabilities are due to the DNS protocol, and not to the implementation. This paper describes our progress to date.