theless, a basic understanding of each of them will enable wiser decisions about them and other innovations in the future.

4.1 IMPROVING THE SECURITY OF THE DOMAIN NAME SYSTEM

Because of its central role in the operation of the Internet, the DNS is a natural target for mischievous and malicious attacks. These can take a wide variety of forms depending on the ingenuity of the attacker and on which of the potential vulnerabilities is attacked.1 The most severe recent attack was the denial-of-service attack launched in October 2002. It swamped 8 of the 13 root name servers for up to an hour and a half. However, the remaining 5 servers handled the regular requests to the root without difficulty. Since that attack, the root name server operators have taken a number of steps, including the widespread distribution of “anycast” satellites and diversification of network connectivity (see Box 3.1), to reduce their vulnerability to such attacks and to mitigate their effects.

Furthermore, although some steps have been taken,2 more could be done to continuously monitor the performance and traffic flows of the DNS infrastructure so as to enable rapid detection and response to attacks or outages.

However, another serious vulnerability remains. As described in Section 2.4, “the original DNS design did not include a mechanism to ensure that a name lookup was an accurate representation of the information provided by the entity responsible for the information. DNS information was assumed to be accurate as the result of general notions of network cooperation and interoperation (i.e., based on the presumption that nobody would deliberately attempt to tamper with DNS information).” In more technical terms, the initial design of the DNS did not incorporate data origin authentication and data integrity protection. However, because of increased fear of additional attacks on the DNS, these kinds of security features have now become a major concern.

Data origin authentication is needed to help ensure that the results of DNS lookups come from authoritative sources. A widely publicized case that involved the diversion of Internet users to an undesired Web site drew attention to the lack of such authentication in the DNS.3

1  

See Derek Atkins and Rob Austein, “Threat Analysis of the Domain Name System,” RFC 3833, August 2004, available at <http://www.rfc-editor.org>.

2  

Notably the establishment of the Operations Analysis and Research Center by the Internet Systems Consortium (see https://oarc.isc.org/) and the online performance monitoring by the k-root (see <http://k.root-servers.org/#stats>).

3  

In 1997, Eugene Kashpureff diverted Internet users who were seeking the Network Solutions Web site to his own site, although this was intended as a publicity stunt rather than as a malicious attack. See Rik Farrow, “Locking Up DNS Troubles,” Network Magazine, August 5, 2000, available at <http://www.networkmagazine.com/showArticle.jhtml?articleID=8702868>.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement