Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

DNSSEC misconfigurations in popular domains

: Dai, Tianxiang; Shulman, Haya; Waidner, Michael


Foresti, S.:
Cryptology and network security. 15th international conference, CANS 2016 : Milan, Italy, November 14-16, 2016; Proceedings
Cham: Springer International Publishing, 2016 (Lecture Notes in Computer Science 10052)
ISBN: 978-3-319-48964-3 (Print)
ISBN: 978-3-319-48965-0 (Online)
International Conference on Cryptology and Network Security (CANS) <15, 2016, Milan>
Conference Paper
Fraunhofer SIT ()

DNSSEC was designed to protect the Domain Name System (DNS) against DNS cache poisoning and domain hijacking. When widely adopted, DNSSEC is expected to facilitate a multitude of future applications and systems, as well as security mechanisms, that would use the DNS for distribution of security tokens, such as, certificates, IP prefix authentication for routing security, anti-spam mechanisms. Multiple efforts are invested in adopting DNSSEC and in evaluating challenges towards its deployment. In this work we perform a study of errors and misconfigurations in signed domains. To that end, we develop a DNSSEC framework and a webpage for reporting the most up to date statistics and provide reports with vulnerabilities and misconfigurations. Our tool also supports retrieval of historical data and enables to perform long-term studies and observations of changes in the security landscape of DNS. We make our tool and the collected data available via an online webservice.