Team for Research in
Ubiquitous Secure Technology

Perils of Transitive Trust in the Domain Name System
Venugopalan Ramasubramanian, Emin Gun Sirer

Citation
Venugopalan Ramasubramanian, Emin Gun Sirer. "Perils of Transitive Trust in the Domain Name System". Proceedings of Internet Measurement Conference (IMC), Internet Measurement Conference (IMC), October, 2005.

Abstract
The Domain Name System, DNS, is based on nameserver delegations, which introduce complex and subtle dependencies between names and nameservers. In this paper, we present results from a large scale survey of DNS, and show that these dependencies lead to a highly insecure naming system. We report specifically on three aspects of DNS security: the properties of the DNS trusted computing base, the extent and impact of existing vulnerabilities in the DNS infrastructure, and the ease with which attacks against DNS can be launched. The survey shows that a typical name depends on 46 servers on average, whose compromise can lead to domain hijacks, while names belonging to some countries depend on a few hundred servers. An attacker exploiting well-documented vulnerabilities in DNS nameservers can hijack more than 30% of the names appearing in the Yahoo and DMOZ.org directories. And certain nameservers, especially in educational institutions, control as much as 10% of the namespace.

Citation formats  
  • HTML
    Venugopalan Ramasubramanian, Emin Gun Sirer. <a
    href="http://www.truststc.org/pubs/175.html"
    >Perils of Transitive Trust in the Domain Name
    System</a>, Proceedings of Internet Measurement
    Conference (IMC), Internet Measurement Conference (IMC),
    October, 2005.
  • Plain text
    Venugopalan Ramasubramanian, Emin Gun Sirer. "Perils of
    Transitive Trust in the Domain Name System".
    Proceedings of Internet Measurement Conference (IMC),
    Internet Measurement Conference (IMC), October, 2005.
  • BibTeX
    @inproceedings{RamasubramanianSirer05_PerilsOfTransitiveTrustInDomainNameSystem,
        author = {Venugopalan Ramasubramanian and Emin Gun Sirer},
        title = {Perils of Transitive Trust in the Domain Name
                  System},
        booktitle = {Proceedings of Internet Measurement Conference
                  (IMC)},
        organization = {Internet Measurement Conference (IMC)},
        month = {October},
        year = {2005},
        abstract = {The Domain Name System, DNS, is based on
                  nameserver delegations, which introduce complex
                  and subtle dependencies between names and
                  nameservers. In this paper, we present results
                  from a large scale survey of DNS, and show that
                  these dependencies lead to a highly insecure
                  naming system. We report specifically on three
                  aspects of DNS security: the properties of the DNS
                  trusted computing base, the extent and impact of
                  existing vulnerabilities in the DNS
                  infrastructure, and the ease with which attacks
                  against DNS can be launched. The survey shows that
                  a typical name depends on 46 servers on average,
                  whose compromise can lead to domain hijacks, while
                  names belonging to some countries depend on a few
                  hundred servers. An attacker exploiting
                  well-documented vulnerabilities in DNS nameservers
                  can hijack more than 30% of the names appearing in
                  the Yahoo and DMOZ.org directories. And certain
                  nameservers, especially in educational
                  institutions, control as much as 10% of the
                  namespace.},
        URL = {http://www.truststc.org/pubs/175.html}
    }
    

Posted by Kelly Patwell on 13 Feb 2007.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.