DNS Resolvers Considered Harmful
2014
The Domain Name System (DNS) is a critical component of the Internet infrastructure that has many security vulnerabilities. In particular, shared DNS resolvers are a notorious security weak spot in the system. We propose an unorthodox approach for tackling vulnerabilities in shared DNS resolvers: removing shared DNS resolvers entirely and leaving recursive resolution to the clients. We show that the two primary costs of this approach---loss of performance and an increase in system load---are modest and therefore conclude that this approach is beneficial for strengthening the DNS by reducing the attack surface.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
21
References
21
Citations
NaN
KQI