article

A Novel Zone-Walking Protection for Secure DNS Server

Authors:

Arnob Paul,

Hasanul Islam,

Shohrab Hossain,

Husnu S. NarmanAuthors Info & Claims

International Journal of Interdisciplinary Telecommunications and Networking (IJITN), Volume 14, Issue 1

Pages 1 - 15

https://doi.org/10.4018/IJITN.312235

Published: 21 October 2022 Publication History

Abstract

A zone walking attack is to get all existing domain information from a secured DNS server. NSEC3 protocol was proposed to defend against zone walking attacks in a secured DNS server, although NSEC3 uses more CPU time. In this paper, the authors have proposed two novel solutions to defend against the zone walking attack by addressing the efficiency issue of secure DNS protocol. They have simulated the proposed solution and analyzed it with different scenarios of the secure DNS server and attackers. The result of the experiment shows that the proposed solution Low Profiling can be effective against zone walking attacks for up to certain server-side and client-side parameters. The work can help researchers to understand how a new approach in the DNSSEC server can defend against zone walking attacks.

References

[1]

Arends, R., Sisson, G., Blacka, D., & Laurie, B. (2008, March). DNS Security (DNSSEC) Hashed Authenticated Denial of Existence. RFC Editor. 10.17487/rfc5155

Crossref

Google Scholar

[2]

Niobos. (2010, January). DNSSEC – the NSEC and NSEC3 record. Retrieved from https://2007.blog.dest-unreach.be/2010/01/20/dnssec-the-nsec-and-nsec3-record/

Google Scholar

[3]

Paul, A. (2018). DNSSEC Simulation. DNSSEC Simulation.

Google Scholar

[4]

Rose, S., Larson, M., Massey, D., Austein, R., & Arends, R. (2005, March). DNS Security Introduction and Requirements. RFC Editor. 10.17487/rfc4033

Crossref

Google Scholar

[5]

Rose, S., Larson, M., Massey, D., Austein, R., & Arends, R. (2005, March). Resource Records for the DNS Security Extensions. RFC Editor. 10.17487/rfc4034

Crossref

Google Scholar

[6]

Weiler, S., & Blacka, D. (2013, February). Clarifications and Implementation Notes for DNS Security (DNSSEC). RFC Editor. 10.17487/rfc6840

Crossref

Google Scholar

Index Terms

A Novel Zone-Walking Protection for Secure DNS Server
1. Networks
  1. Network services
2. Security and privacy
  1. Network security
  2. Systems security

Index terms have been assigned to the content through auto-classification.

Recommendations

Recovering and Protecting against DNS Cache Poisoning Attacks
ICM '11: Proceedings of the 2011 International Conference of Information Technology, Computer Engineering and Management Sciences - Volume 02

DNSSEC can provide a strong countermeasure to DNS Cache Poisoning Attacks, however, DNSSEC can't be actually deployed in a short time, it is still impossible to avoid poisoning attacks thoroughly, a majority of DNS servers are still hreatened from the ...
Securing DNS: Extending DNS Servers with a DNSSEC Validator

DNS Security Extensions (DNSSEC) is a proposed standard for securely authenticating information in the Domain Name System. DNSSEC validators check the digital signatures on DNS data. However, designing a validator worth the operational costs is a ...
DNS amplification attack revisited

It is without doubt that the Domain Name System (DNS) is one of the most decisive elements of the Internet infrastructure; even a slight disruption to the normal operation of a DNS server could cause serious impairment to network services and thus ...

Comments

Information & Contributors

Information

Published In

cover image International Journal of Interdisciplinary Telecommunications and Networking

International Journal of Interdisciplinary Telecommunications and Networking Volume 14, Issue 1

Sep 2022

452 pages

ISSN:1941-8663

EISSN:1941-8671

Issue’s Table of Contents

Publisher

IGI Global

United States

Publication History

Published: 21 October 2022

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Oct 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Index Terms

Recommendations

Recovering and Protecting against DNS Cache Poisoning Attacks

Securing DNS: Extending DNS Servers with a DNSSEC Validator

DNS amplification attack revisited

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations