from 31 March 2016 to 1 April 2016
Intercontinental Buenos Aires
America/Buenos_Aires timezone
Home > Timetable > Session details > Contribution details

Contribution (WITHDRAWN)

Look-aside (At Your Own Risk): Privacy Implications of DNSSEC Look-aside Validation


  • Dr. Aziz MOHAISEN

Primary authors

Abstract content

The Domain Name System Security Extension (DNSSEC) today utilizes cryptographic methods to provide security features to DNS answers. However, due to the early adoption of DNSSEC, the number of secured domains is still small and islands of security are quite common. Thus, DNSSEC Look-aside Validation (DLV) is designed as an alternative off-path validation way. While privacy in DNS is attracting a lot of attention, no work is focused on DNSSEC and DLV. To this end, in this talk we introduce a first in-depth look at the privacy leakage in DLV. Using various experimental settings, our findings firmly confirm the privacy leakage in DLV. In particular, we find that a large number of domain names is leaked to a third party when using DLV, while the utility value for DLV to users is very minimal. We discuss the implications, and provide a simple fix to the problem.