May 6 – 7, 2021
UTC timezone
OARC 35 Day 1 - begins 01:00 UTC Today 6 May.

A Peek Into the DNS Cookie Jar: An Analysis of DNS Cookie Use

May 6, 2021, 2:25 AM
Standard Presentation Online Workshop OARC 35 Day 1


Casey Deccio (Brigham Young University)


The Domain Name System (DNS) has been frequently abused for Distributed Denial of Service (DDoS) attacks and cache poisoning because it relies on the User Datagram Protocol (UDP). Since UDP is connection-less, it is trivial for an attacker to spoof the source of a DNS query or response. DNS Cookies, a protocol standardized in 2016, add pseudo-random values to DNS packets to provide identity management and prevent spoofing attacks. In this paper, we present the first study measuring the deployment of DNS Cookies in nearly all aspects of the DNS architecture. We also provide an analysis of the current benefits of DNS Cookies and the next steps for stricter deployment. Our findings show that cookie use is limited to less than 30% of servers and 10% of recursive clients. We also find several configuration issues that could lead to substantial problems if cookies were strictly required. Overall, DNS Cookies provide limited benefit in a majority of situations, and, given current deployment, do not prevent DDoS or cache poisoning attacks.
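The abstract measures how often DNS messages carry cookies and notes configuration issues that would matter under strict enforcement. The following added example (not code from the paper or its authors) classifies cookie use in a single message by parsing the COOKIE option out of EDNS OPT RDATA. The option code and cookie lengths are taken from RFC 7873 rather than from this page; `make_option` and the sample byte strings are constructed for illustration.

```python
import struct

# Wire-format constants from the DNS Cookies specification (RFC 7873);
# they are assumptions of this example, not values quoted on this page.
COOKIE_OPTION_CODE = 10
CLIENT_COOKIE_LEN = 8
SERVER_COOKIE_MIN, SERVER_COOKIE_MAX = 8, 32

def iter_edns_options(rdata: bytes):
    """Yield (option_code, value) pairs from the RDATA of an OPT record."""
    pos = 0
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated EDNS option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("EDNS option length runs past RDATA")
        yield code, rdata[pos:pos + length]
        pos += length

def classify_cookie(rdata: bytes) -> str:
    """Classify cookie use in one message from its OPT RDATA."""
    for code, value in iter_edns_options(rdata):
        if code != COOKIE_OPTION_CODE:
            continue
        server_len = len(value) - CLIENT_COOKIE_LEN
        if server_len < 0:
            return "malformed"        # client cookie shorter than 8 bytes
        if server_len == 0:
            return "client-only"      # no server cookie present
        if SERVER_COOKIE_MIN <= server_len <= SERVER_COOKIE_MAX:
            return "client+server"    # both cookies present, lengths valid
        return "malformed"            # server cookie outside 8..32 bytes
    return "no-cookie"

def make_option(code: int, value: bytes) -> bytes:
    """Hypothetical helper: encode one EDNS option for the samples below."""
    return struct.pack("!HH", code, len(value)) + value

# Constructed sample OPT RDATA, not captured traffic.
NSID = make_option(3, b"")  # an unrelated EDNS option (NSID, code 3)
SAMPLES = {
    "none": NSID,
    "client": NSID + make_option(COOKIE_OPTION_CODE, bytes(range(8))),
    "full": make_option(COOKIE_OPTION_CODE, bytes(range(24))),
    "bad": make_option(COOKIE_OPTION_CODE, bytes(range(12))),
}
```

A strict receiver would answer the "malformed" cases with FORMERR, so counting them separately shows which peers would break if cookies were enforced.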

Primary authors

Jacob Davis (Sandia National Laboratories)
Casey Deccio (Brigham Young University)