TY - JOUR
T1 - Addressing the challenges of modern DNS
T2 - a comprehensive tutorial
AU - van der Toorn, Olivier
AU - Müller, Moritz
AU - Dickinson, Sara
AU - Hesselman, Cristian
AU - Sperotto, Anna
AU - van Rijswijk - Deij, Roland
N1 - Funding Information:
We would like to thank Tom Grolleman and Marc Groeneweg for supplying data and reviewing our manuscript. This work has been funded by SIDN Fonds , an independent fund on the initiative of SIDN, the registrar for ‘.nl’ domains. This work has partially been funded by the EU H2020 CONCORDIA (#830927) project, a Cybersecurity Competence Network. Additionally funded by the Open Technology Fund , a fund supporting Internet freedom worldwide. And the work has been partially funded by Salesforce .
Publisher Copyright:
© 2022 The Author(s).
PY - 2022/8
Y1 - 2022/8
N2 - The Domain Name System (DNS) plays a crucial role in connecting services and users on the Internet. Since its first specification, DNS has been extended in numerous documents to keep it fit for today’s challenges and demands. And these challenges are many. Revelations of snooping on DNS traffic led to changes to guarantee confidentiality of DNS queries. Attacks to forge DNS traffic led to changes to shore up the integrity of the DNS. Finally, denial-of-service attack on DNS operations have led to new DNS operations architectures. All of these developments make DNS a highly interesting, but also highly challenging research topic. This tutorial – aimed at graduate students and early-career researchers – provides a overview of the modern DNS, its ongoing development and its open challenges. This tutorial has four major contributions. We first provide a comprehensive overview of the DNS protocol. Then, we explain how DNS is deployed in practice. This lays the foundation for the third contribution: a review of the biggest challenges the modern DNS faces today and how they can be addressed. These challenges are (i) protecting the confidentiality and (ii) guaranteeing the integrity of the information provided in the DNS, (iii) ensuring the availability of the DNS infrastructure, and (iv) detecting and preventing attacks that make use of the DNS. Last, we discuss which challenges remain open, pointing the reader towards new research areas.
AB - The Domain Name System (DNS) plays a crucial role in connecting services and users on the Internet. Since its first specification, DNS has been extended in numerous documents to keep it fit for today’s challenges and demands. And these challenges are many. Revelations of snooping on DNS traffic led to changes to guarantee confidentiality of DNS queries. Attacks to forge DNS traffic led to changes to shore up the integrity of the DNS. Finally, denial-of-service attack on DNS operations have led to new DNS operations architectures. All of these developments make DNS a highly interesting, but also highly challenging research topic. This tutorial – aimed at graduate students and early-career researchers – provides a overview of the modern DNS, its ongoing development and its open challenges. This tutorial has four major contributions. We first provide a comprehensive overview of the DNS protocol. Then, we explain how DNS is deployed in practice. This lays the foundation for the third contribution: a review of the biggest challenges the modern DNS faces today and how they can be addressed. These challenges are (i) protecting the confidentiality and (ii) guaranteeing the integrity of the information provided in the DNS, (iii) ensuring the availability of the DNS infrastructure, and (iv) detecting and preventing attacks that make use of the DNS. Last, we discuss which challenges remain open, pointing the reader towards new research areas.
KW - DNS
KW - DNSSEC
KW - Security
KW - Availability
KW - Internet abuse
KW - UT-Hybrid-D
U2 - 10.1016/j.cosrev.2022.100469
DO - 10.1016/j.cosrev.2022.100469
M3 - Review article
SN - 1574-0137
VL - 45
JO - Computer science review
JF - Computer science review
M1 - 100469
ER -