The threat of attacks targeting a DNS, such as DNS cache poisoning attacks and DNS amplification attacks, continues unabated. In addition, attacks that exploit the difficulty in determining the authenticity of domain names, such as phishing sites and fraudulent emails, continue to be a significant threat.Various DNS security mechanisms have been proposed, standardized, and implemented as...
While performing an analysis of query names seen at the ICANN Managed Root Server (IMRS), ICANN staff discovered a significant amount of strange query traffic coming from one of the datacenters of a large, well-known recursive DNS operator. While this traffic was hitting a single IMRS instance, Verisign staff confirmed the odd traffic is observed at some of their root server instances as...
This is a report on a measurement conducted in May 2021 on the level of DNSSEC validation supoport for the Ed25519 Edwards Curve digital signature algorithm
Anycast is used to serve content including root DNS. However, prior work examining
root DNS suggests anycast deployments incur significant inflation, with users often routed to suboptimal sites especially for larger deployments. These results are surprising, given the importance and growth of production anycast deployments. We reassess anycast performance -- using new methodology we show root...
We introduce and discuss an authenticated in-band method for automatic signaling of a DNS zone's delegation signer information from the zone's DNS operator. In standard (single-signer) setups, the zone's registrar or registry may subsequently use this signal for automatic DS record provisioning in the parent zone. In multi-signer scenarios (RFC 8901), the method may be used to securely...
Abstract:
Denial-of-Service (DoS) attacks target thousands of victims every day, often resulting in small outages. Those same attacks can also target unprotected endpoints of larger businesses, often causing out-sized impact. We review the DoS risks for DNS servers, and explore the challenges and mitigation options.
About the speaker:
Damian Menscher is responsible for DDoS defense at...