Kyle Schomp, Mark Allman, Michael Rabinovich. DNS Resolvers Considered Harmful, ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets), October 2014.
PDF | Kyle's Slides
Abstract:
The Domain Name System (DNS) is a critical component of the
Internet infrastructure that has many security vulnerabilities.
In particular, shared DNS resolvers are a notorious security
weak spot in the system. We propose an unorthodox approach for
tackling vulnerabilities in shared DNS resolvers: removing
shared DNS resolvers entirely and leaving recursive resolution
to the clients. We show that the two primary costs of this
approach---loss of performance and an increase in system
load---are modest and therefore conclude that this approach is
beneficial for strengthening the DNS by reducing the attack
surface.
BibTeX:
@inproceedings{SAR14,
author = "Kyle Schomp and Mark Allman and Michael Rabinovich",
title = "{DNS Resolvers Considered Harmful}",
booktitle = "ACM SIGCOMM HotNets",
year = 2014,
month = oct,
}
Scribe notes from the HotNets talk are here.
Devon Warshaw and Jake McKinnon reappraised our study as part of
Stanford's CS 244 course. Their report is available
here.