[dns-operations] resolvers considered harmful

Mark Allman mallman at icir.org
Wed Oct 22 16:47:39 UTC 2014

Short paper / crazy idea for your amusement ...

Kyle Schomp, Mark Allman, Michael Rabinovich.  DNS Resolvers Considered
Harmful, ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets),
October 2014.  To appear.

  The Domain Name System (DNS) is a critical component of the Internet
  infrastructure that has many security vulnerabilities.  In particular,
  shared DNS resolvers are a notorious security weak spot in the system.
  We propose an unorthodox approach for tackling vulnerabilities in
  shared DNS resolvers: removing shared DNS resolvers entirely and
  leaving recursive resolution to the clients.  We show that the two
  primary costs of this approach---loss of performance and an increase
  in system load---are modest and therefore conclude that this approach
  is beneficial for strengthening the DNS by reducing the attack

Comments welcome.


