Improving Response Deliverability in DNS(SEC)

Gijs van den Broek, Roland van Rijswijk, Roland M. van Rijswijk, Aiko Pras, Anna Sperotto

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    41 Downloads (Pure)

    Abstract

    The Domain Name System provides a critical service on the Internet, where it allows host names to be translated to IP addresses. However, it does not provide any guarantees about authenticity and origin integrity of resolution data. DNSSEC attempts to solve this through the application of cryptographic signatures to DNS records. These signatures generally result in larger responses compared to plain DNS responses. Some of these larger responses experience fragmentation, which in turn might be partially blocked by some firewalls. Apparently unresolvable zones may in those cases be a consequence. Analysis of DNS traffic suggests that at least one per cent of all resolvers experience this problem with our signed zones. However, we suspect this number to be much larger. In our presentation we will elaborate on the potential extent of this problem and propose to test two solutions. We intent to test both solutions in our production environment.
    Original languageEnglish
    Title of host publicationTERENA Networking Conference 2012
    Place of PublicationAmsterdam, The Netherlands
    PublisherTrans-European Research and Education Networking Association
    Pages-
    Number of pages1
    Publication statusPublished - May 2012

    Publication series

    Name
    PublisherTrans-European Research and Education Networking Association

      Fingerprint

    Keywords

    • IR-81272
    • EWI-22169
    • DNSSEC
    • METIS-287973

    Cite this

    van den Broek, G., van Rijswijk, R., van Rijswijk, R. M., Pras, A., & Sperotto, A. (2012). Improving Response Deliverability in DNS(SEC). In TERENA Networking Conference 2012 (pp. -). Amsterdam, The Netherlands: Trans-European Research and Education Networking Association.