2011 Articles
Measuring the Deployment Hiccups of DNSSEC
On May 5, 2010 the last step of the DNSSEC deployment on the 13 root servers was completed. DNSSEC is a set of security extensions on the traditional DNS protocol, that aim in preventing attacks based on the authenticity and integrity of the messages. Although the transition was completed without major faults, it is not clear whether problems of smaller scale occurred. In this paper we try to quantify the effects of that transition, using as many vantage points as possible. In order to achieve that, we deployed a distributed DNS monitoring infrastructure over the PlanetLab and gathered periodic DNS lookups, performed from each of the roughly 300 nodes, during the DNSSEC deployment on the last root name server. In addition, in order to broaden our view, we also collected data using the Tor anonymity network. After analyzing all the gathered data, we observed that around 4% of the monitored networks had an interesting DNS query failure pattern, which, to the best of our knowledge, was due to the transition.
Subjects
Files
- dnssec-paper.pdf application/pdf 249 KB Download File
Also Published In
- Title
- Advances in Computing and Communications: First International Conference, ACC 2011, Kochi, India, July 22-24, 2011: Proceedings
- Publisher
- Springer
- DOI
- https://doi.org/10.1007/978-3-642-22720-2_5
More About This Work
- Academic Units
- Computer Science
- Series
- Communications in Computer and Information Science, 190
- Published Here
- August 8, 2011