By Topic

Quantifying and Improving DNSSEC Availability

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Deccio, C. ; Sandia Nat. Labs., Livermore, CA, USA ; Sedayao, J. ; Kant, K. ; Mohapatra, P.

The Domain Name System (DNS) is a foundational component of today's Internet for mapping Internet names to addresses. With the DNS Security Extensions (DNSSEC) DNS responses can be cryptographically verified to prevent malicious tampering. The protocol complexity and administrative overhead associated with DNSSEC can significantly impact the potential for name resolution failure. We present metrics for assessing the quality of a DNSSEC deployment, based on its potential for resolution failure in the presence of DNSSEC misconfiguration. We introduce a metric to analyze the administrative complexity of a DNS configuration, which contributes to its failure potential. We then discuss a technique which uses soft anchoring to increase robustness in spite of misconfigurations. We analyze a representative set of production signed DNS zones and determine that 28% of the validation failures we encountered would be mitigated by the soft anchoring technique we propose.

Published in:

Computer Communications and Networks (ICCCN), 2011 Proceedings of 20th International Conference on

Date of Conference:

July 31 2011-Aug. 4 2011