[dns-operations] resolvers considered harmful
mallman at icir.org
Wed Oct 22 16:47:39 UTC 2014

Short paper / crazy idea for your amusement ...

Kyle Schomp, Mark Allman, Michael Rabinovich. DNS Resolvers Considered
Harmful, ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets),
October 2014. To appear.

The Domain Name System (DNS) is a critical component of the Internet
infrastructure that has many security vulnerabilities. In particular,
shared DNS resolvers are a notorious security weak spot in the system.
We propose an unorthodox approach for tackling vulnerabilities in
shared DNS resolvers: removing shared DNS resolvers entirely and
leaving recursive resolution to the clients. We show that the two
primary costs of this approach---loss of performance and an increase
in system load---are modest and therefore conclude that this approach
is beneficial for strengthening the DNS by reducing the attack