By Topic

Protecting the DNS from Routing Attacks: Two Alternative Anycast Implementations

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Avramopoulos, I. ; Deutsche Telekom Labs., Berlin, Germany ; Suchara, M.

The domain name system is a critical piece of the Internet and supports most Internet applications. Because it's organized in a hierarchy, its correct operation depends on the availability of just a few servers at the hierarchy's upper levels. These backbone servers are vulnerable to routing attacks in which adversaries controlling part of the routing system try to hijack the server address space. Using routing attacks in this way, an adversary can compromise the Internet's availability and integrity at a global scale. In this article, the authors evaluate the relative resilience to routing attacks of two alternative anycast DNS implementations. The first operates at the network layer and the second at the application layer. The evaluation informs fundamental DNS design decisions and an important debate on the routing architecture of the Internet.

Published in:

Security & Privacy, IEEE  (Volume:7 ,  Issue: 5 )