DNS Resolvers Considered Harmful
Title | DNS Resolvers Considered Harmful |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Schomp, K., Allman, M., & Rabinovich, M. |
Other Numbers | 3755 |
Abstract | The Domain Name System (DNS) is a critical component of the Internet infrastructure that has many security vulnerabilities. In particular, shared DNS resolvers are a notorious security weak spot in the system. We propose an unorthodox approach for tackling vulnerabilities in shared DNS resolvers: removing shared DNS resolvers entirely and leaving recursive resolution to the clients. We show that the two primary costs of this approach, loss of performance and an increase in system load, are modest and therefore conclude that this approach is beneficial for strengthening the DNS by reducing the attack surface. |
Acknowledgment | This work was partially supported by funding provided to ICSI through National Science Foundation grants CNS: 1237265 (Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives) and CNS: 0831535 ("Comprehensive Application Analysis and Control"). Additional funding was provided through National Science Foundation grants CNS: 0831821 ("Relationship-Oriented Networking"). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation. |
Bibliographic Notes | Proceedings of the 13th ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets 2014), Los Angeles, California |
Abbreviated Authors | K. Schomp, M. Allman, and M. Rabinovich |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Article in conference proceedings |