[dns-operations] resolvers considered harmful
Mark Allman
mallman at icir.org
Wed Oct 22 16:47:39 UTC 2014
Short paper / crazy idea for your amusement ...
Kyle Schomp, Mark Allman, Michael Rabinovich. DNS Resolvers Considered
Harmful, ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets),
October 2014. To appear.
http://www.icir.org/mallman/pubs/SAR14/
Abstract:
The Domain Name System (DNS) is a critical component of the Internet
infrastructure that has many security vulnerabilities. In particular,
shared DNS resolvers are a notorious security weak spot in the system.
We propose an unorthodox approach for tackling vulnerabilities in
shared DNS resolvers: removing shared DNS resolvers entirely and
leaving recursive resolution to the clients. We show that the two
primary costs of this approach---loss of performance and an increase
in system load---are modest and therefore conclude that this approach
is beneficial for strengthening the DNS by reducing the attack
surface.
Comments welcome.
allman
--
http://www.icir.org/mallman/