Improving Response Deliverability in DNS(SEC)

Share/Save/Bookmark

Broek, Gijs van den and Rijswijk, Roland van and Pras, Aiko and Sperotto, Anna (2012) Improving Response Deliverability in DNS(SEC). In: TERENA Networking Conference 2012, 21-24 May 2012, Reykjavík, Iceland.

open access
[img]
Preview
PDF (Presentation slides)
729kB
[img]
Preview
PDF (Poster)
718kB
Abstract:The Domain Name System provides a critical service on the Internet, where it allows host names to be translated to IP addresses. However, it does not provide any guarantees about authenticity and origin integrity of resolution data. DNSSEC attempts to solve this through the application of cryptographic signatures to DNS records. These signatures generally result in larger responses compared to plain DNS responses. Some of these larger responses experience fragmentation, which in turn might be partially blocked by some firewalls. Apparently unresolvable zones may in those cases be a consequence. Analysis of DNS traffic suggests that at least one per cent of all resolvers experience this problem with our signed zones. However, we suspect this number to be much larger. In our presentation we will elaborate on the potential extent of this problem and propose to test two solutions. We intent to test both solutions in our production environment.
Item Type:Conference or Workshop Item
Faculty:
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/81272
Official URL:https://tnc2012.terena.org/core/poster/28
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page