Research Article
Availability Analysis of DNSSEC Resolution and Validation Service
@INPROCEEDINGS{10.1109/ChinaCom.2012.6417444,
  author={Yong Wang and Xiaochun Yun and Gang Xiong and Zhen Li and Yao Yao},
  title={Availability Analysis of DNSSEC Resolution and Validation Service},
  proceedings={7th International Conference on Communications and Networking in China},
  publisher={IEEE},
  proceedings_a={CHINACOM},
  year={2012},
  month={9},
  keywords={availability analysis; dnssec; man-in-the-middle attack; dnssec vulnerability},
  doi={10.1109/ChinaCom.2012.6417444}
}
- Yong Wang
- Xiaochun Yun
- Gang Xiong
- Zhen Li
- Yao Yao
Year: 2012
CHINACOM
IEEE
DOI: 10.1109/ChinaCom.2012.6417444
Abstract
This paper analyses the availability of the DNSSEC resolution and validation service against man-in-the-middle attacks, and introduces and classifies possible vulnerabilities. Experiments show that the DNSSEC client is vulnerable, because the attacks against it always succeed, whereas the same attacks fail against the recursive server. At the same time, attacks on the recursive server cause numerous retries; the number of retries depends on the number of root domain name servers, top-level servers and authority servers, and this can be exploited to launch denial-of-service attacks against the recursive server. The results show that the availability of the DNSSEC service is poor against man-in-the-middle attacks. The conclusions are valuable for optimizing DNSSEC recursive server applications, as well as for DNSSEC security analysis.