In English

Deploying DNS Security Extensions

SAM ROSTAMPOUR
Göteborg : Chalmers tekniska högskola, 2012. 81 s.
[Examensarbete på avancerad nivå]

The number of attacks towards the Domain Name System (DNS) increases exponentially. Due to the essential role of the DNS in the Internet service, fast reaction is needed to secure this system. Domain Name System Security Extensions (DNSSEC) is an Internet scale solution for protecting the DNS. DNSSEC provides security for the DNS by adding integrity and data original authentication to the DNS messages. As this solution is rolling out fast in the top-level domains (TLDs) and some second-level domains (SLDs) the VOLVO Information Technology (VOLVO IT) company became interested in implementing this solution in their infrastructure. Therefore, they initiated a thesis to become aware of the procedure of deploying DNSSEC and its requirements.

In this thesis, we have gone through the design of the DNS system. We demonstrated how this system is unsecure and why it is the target of many attacks. We explained how DNSSEC protects the DNS and highlighted the objectives of this solution. We also discussed about the current implementation of the DNSSEC. Implementing this solution in a large-scale network is not an easy task and adds lots of complexity to the administrators of the DNS infrastructure. In addition, some security concerns still exist regarding this solution. We have analysed the common attacks and availability issue related to the DNSSEC implementation. We used this analysis to avoid using any implementation, which makes the DNS infrastructure vulnerable to the DNSSEC related attacks. We covered the deployment of the DNSSEC within a particular organization (VOLVO IT). We used the best practice solutions to reduce the security issues regarding the deployment of the DNSSEC.

This thesis is mainly divided in two parts. One part is the security analysis of the DNS and DNSSEC design. The other part deals with the best practice solutions that can be used to set up a secure DNSSEC deployment within the infrastructure of the VOLVO IT.



Publikationen registrerades 2013-02-15. Den ändrades senast 2013-04-04

CPL ID: 173693

Detta är en tjänst från Chalmers bibliotek