September 8, 2021
OARConline 35a begins 15:00 UTC today 8 September

How prevalent is the operation of DNS security mechanisms?

Sep 8, 2021, 3:05 PM
Standard Presentation Online Workshop OARConline 35a


Masanori Yajima


The threat of attacks targeting the DNS, such as DNS cache poisoning attacks and DNS amplification attacks, continues unabated. In addition, attacks that exploit the difficulty in determining the authenticity of domain names, such as phishing sites and fraudulent emails, continue to be a significant threat. Various DNS security mechanisms have been proposed, standardized, and implemented as effective countermeasures against DNS-related attacks. However, it is not clear how widespread these security mechanisms are in the DNS ecosystem and how effectively they work in the wild. With this background, this study targets the major DNS security mechanisms deployed for DNS name servers (DNSSEC, DNS Cookies, CAA, SPF, DMARC, MTA-STS, DANE, and TLSRPT) and conducts a large-scale measurement analysis of their deployment. Our results quantitatively reveal that, as of 2021, the adoption rate of most DNS security mechanisms, except SPF, remains low, and the adoption rate is lower for mechanisms that are more difficult to configure. These findings suggest the importance of developing easy-to-deploy tools to promote the adoption of security mechanisms.

Talk Duration: 20 Minutes Presentation (inc. 5 Minutes Q&A)

Primary author

Masanori Yajima


Dr Daiki Chiba (NTT)
Mr Yoshiro Yoneya (JPRS)
Prof. Tatsuya Mori (Waseda University, NICT)
