Here you will find scientific publications from the Fraunhofer Institutes.

Towards security of internet naming infrastructure

Shulman, Haya; Waidner, Michael


Pernul, G.:
Computer security - ESORICS 2014. 20th European Symposium on Research in Computer Security. Pt.1 : Vienna, Austria, September 21-25; Proceedings
Cham: Springer International Publishing, 2015 (Lecture Notes in Computer Science 9326)
ISBN: 978-3-319-24173-9 (Print)
ISBN: 978-3-319-24174-6 (Online)
European Symposium on Research in Computer Security (ESORICS) <20, 2015, Vienna>
Conference Paper
Fraunhofer SIT

We study the operational characteristics of the server-side of the Internet's naming infrastructure. Our findings discover common architectures whereby name servers are hidden behind server-side caching DNS resolvers. We explore the extent and the scope of the name servers that use server-side caching resolvers, and find such configurations in at least 38% of the domains in a forward DNS tree, and higher percentages of the domains in a reverse DNS tree. We characterise the operators of the server-side caching resolvers and provide motivations explaining their prevalence. Our experimental evaluation indicates that the caching infrastructures are typically run by third parties, and that the services provided by the third parties often do not deploy best practices, resulting in misconfigurations, vulnerabilities and degraded performance of the DNS servers in popular domains.