7th International Conference on Communications and Networking in China

Research Article

Availability Analysis of DNSSEC Resolution and Validation Service

  • @INPROCEEDINGS{10.1109/ChinaCom.2012.6417444,
        author={Yong Wang and Xiaochun Yun and Gang Xiong and Zhen Li and Yao Yao},
        title={Availability Analysis of DNSSEC Resolution and Validation Service},
        proceedings={7th International Conference on Communications and Networking in China},
        publisher={IEEE},
        proceedings_a={CHINACOM},
        year={2012},
        month={9},
        keywords={availability analysis; dnssec; man-in-the-middle attack; dnssec vulnerability},
        doi={10.1109/ChinaCom.2012.6417444}
    }
    
Yong Wang1,*, Xiaochun Yun1, Gang Xiong2, Zhen Li2, Yao Yao2
  • 1: Institute of Computing Technology, Chinese Academy of Sciences
  • 2: Institute of Information Engineering, Chinese Academy of Sciences
*Contact email: wguanbow@sina.com

Abstract

The availability of the DNSSEC resolution and validation service against man-in-the-middle attacks is analysed in this paper, and possible vulnerabilities are introduced and classified. Experiments show that the DNSSEC client is vulnerable because the attacks are always successful, but they fail against the recursive server. At the same time, attacks on the recursive server bring about numerous retries, and the number of retries depends on the number of root domain name servers, top-level servers and authority servers; this can be exploited to launch denial-of-service attacks against the recursive server. The results show that the availability of the DNSSEC service is poor against man-in-the-middle attacks. The conclusions are valuable for the optimization of the DNSSEC recursive server application, as well as for DNSSEC security analysis.