Poster: Observable KINDNS: Validating DNS Hygiene

Raffaele Sommese; Mattijs Jonker; K.C. Claffy

doi:10.1145/3517745.3563016

Poster: Observable KINDNS: Validating DNS Hygiene

Raffaele Sommese, Mattijs Jonker, K.C. Claffy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Citation (Scopus)

56 Downloads (Pure)

Abstract

The Internet's naming system (DNS) is a hierarchically structured database, with hundreds of millions of domains in a radically distributed management architecture. The distributed nature of the DNS is the primary factor that allowed it to scale to its current size, but it also brings security and stability risks. The Internet standards community (IETF) has published several operational best practices to improve DNS resilience, but operators must make their own decisions that tradeoff security, cost, and complexity. Since these decisions can impact the security of billions of Internet users, recently ICANN has proposed an initiative to codify best practices into a set of global norms to improve security: the Knowledge-Sharing and Instantiating Norms for DNS and Naming Security (KINDNS) [4]. A similar effort for routing security - Mutually Agreed Norms for Routing Security - provided inspiration for this effort. The MANRS program encourages operators to voluntarily commit to a set of practices that will improve collective routing security - a challenge when incentives to conform with these practices does not generate a clear return on investment for operators. One challenge for both initiatives is independent verification of conformance with the practices. The KINDNS conversation has just started, and stakeholders are still debating what should be in the set of practices. At this early stage, we analyze possible best practices in terms of their measurability by third parties, including a review of DNS measurement studies and available data sets (Table 1).

Original language	English
Title of host publication	IMC '22
Subtitle of host publication	Proceedings of the 2022 ACM Internet Measurement Conference, Nice, France, October 25-27, 2022
Editors	Chadi Barakat
Place of Publication	New York, NY
Publisher	Association for Computing Machinery
Pages	740-741
Number of pages	2
ISBN (Electronic)	978-1-4503-9259-4
DOIs	https://doi.org/10.1145/3517745.3563016
Publication status	Published - 25 Oct 2022
Event	22nd ACM Internet Measurement Conference, IMC 2022 - Nice, France Duration: 25 Oct 2022 → 27 Oct 2022 Conference number: 22 https://conferences.sigcomm.org/imc/2022/

Publication series

Name	Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Conference

Conference	22nd ACM Internet Measurement Conference, IMC 2022
Abbreviated title	IMC 2022
Country/Territory	France
City	Nice
Period	25/10/22 → 27/10/22
Internet address	https://conferences.sigcomm.org/imc/2022/

Keywords

2024 OA procedure

Access to Document

10.1145/3517745.3563016

ArticleFinal published version, 458 KBLicence: Taverne

Cite this

Sommese, R., Jonker, M., & Claffy, K. C. (2022). Poster: Observable KINDNS: Validating DNS Hygiene. In C. Barakat (Ed.), IMC '22: Proceedings of the 2022 ACM Internet Measurement Conference, Nice, France, October 25-27, 2022 (pp. 740-741). (Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC). Association for Computing Machinery. https://doi.org/10.1145/3517745.3563016

Sommese, Raffaele ; Jonker, Mattijs ; Claffy, K.C. / Poster : Observable KINDNS: Validating DNS Hygiene. IMC '22: Proceedings of the 2022 ACM Internet Measurement Conference, Nice, France, October 25-27, 2022. editor / Chadi Barakat. New York, NY : Association for Computing Machinery, 2022. pp. 740-741 (Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC).

@inproceedings{e6d29a1e57a4444a8a144e7b719bec9a,

title = "Poster: Observable KINDNS: Validating DNS Hygiene",

abstract = "The Internet's naming system (DNS) is a hierarchically structured database, with hundreds of millions of domains in a radically distributed management architecture. The distributed nature of the DNS is the primary factor that allowed it to scale to its current size, but it also brings security and stability risks. The Internet standards community (IETF) has published several operational best practices to improve DNS resilience, but operators must make their own decisions that tradeoff security, cost, and complexity. Since these decisions can impact the security of billions of Internet users, recently ICANN has proposed an initiative to codify best practices into a set of global norms to improve security: the Knowledge-Sharing and Instantiating Norms for DNS and Naming Security (KINDNS) [4]. A similar effort for routing security - Mutually Agreed Norms for Routing Security - provided inspiration for this effort. The MANRS program encourages operators to voluntarily commit to a set of practices that will improve collective routing security - a challenge when incentives to conform with these practices does not generate a clear return on investment for operators. One challenge for both initiatives is independent verification of conformance with the practices. The KINDNS conversation has just started, and stakeholders are still debating what should be in the set of practices. At this early stage, we analyze possible best practices in terms of their measurability by third parties, including a review of DNS measurement studies and available data sets (Table 1).",

keywords = "2024 OA procedure",

author = "Raffaele Sommese and Mattijs Jonker and K.C. Claffy",

year = "2022",

month = oct,

day = "25",

doi = "10.1145/3517745.3563016",

language = "English",

series = "Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC",

publisher = "Association for Computing Machinery",

pages = "740--741",

editor = "Chadi Barakat",

booktitle = "IMC '22",

address = "United States",

note = "22nd ACM Internet Measurement Conference, IMC 2022, IMC 2022 ; Conference date: 25-10-2022 Through 27-10-2022",

url = "https://conferences.sigcomm.org/imc/2022/",

}

Sommese, R , Jonker, M & Claffy, KC 2022, Poster: Observable KINDNS: Validating DNS Hygiene. in C Barakat (ed.), IMC '22: Proceedings of the 2022 ACM Internet Measurement Conference, Nice, France, October 25-27, 2022. Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, Association for Computing Machinery, New York, NY, pp. 740-741, 22nd ACM Internet Measurement Conference, IMC 2022, Nice, France, 25/10/22. https://doi.org/10.1145/3517745.3563016

Poster: Observable KINDNS: Validating DNS Hygiene. / Sommese, Raffaele ; Jonker, Mattijs; Claffy, K.C.
IMC '22: Proceedings of the 2022 ACM Internet Measurement Conference, Nice, France, October 25-27, 2022. ed. / Chadi Barakat. New York, NY: Association for Computing Machinery, 2022. p. 740-741 (Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Poster

T2 - 22nd ACM Internet Measurement Conference, IMC 2022

AU - Sommese, Raffaele

AU - Jonker, Mattijs

AU - Claffy, K.C.

N1 - Conference code: 22

PY - 2022/10/25

Y1 - 2022/10/25

N2 - The Internet's naming system (DNS) is a hierarchically structured database, with hundreds of millions of domains in a radically distributed management architecture. The distributed nature of the DNS is the primary factor that allowed it to scale to its current size, but it also brings security and stability risks. The Internet standards community (IETF) has published several operational best practices to improve DNS resilience, but operators must make their own decisions that tradeoff security, cost, and complexity. Since these decisions can impact the security of billions of Internet users, recently ICANN has proposed an initiative to codify best practices into a set of global norms to improve security: the Knowledge-Sharing and Instantiating Norms for DNS and Naming Security (KINDNS) [4]. A similar effort for routing security - Mutually Agreed Norms for Routing Security - provided inspiration for this effort. The MANRS program encourages operators to voluntarily commit to a set of practices that will improve collective routing security - a challenge when incentives to conform with these practices does not generate a clear return on investment for operators. One challenge for both initiatives is independent verification of conformance with the practices. The KINDNS conversation has just started, and stakeholders are still debating what should be in the set of practices. At this early stage, we analyze possible best practices in terms of their measurability by third parties, including a review of DNS measurement studies and available data sets (Table 1).

AB - The Internet's naming system (DNS) is a hierarchically structured database, with hundreds of millions of domains in a radically distributed management architecture. The distributed nature of the DNS is the primary factor that allowed it to scale to its current size, but it also brings security and stability risks. The Internet standards community (IETF) has published several operational best practices to improve DNS resilience, but operators must make their own decisions that tradeoff security, cost, and complexity. Since these decisions can impact the security of billions of Internet users, recently ICANN has proposed an initiative to codify best practices into a set of global norms to improve security: the Knowledge-Sharing and Instantiating Norms for DNS and Naming Security (KINDNS) [4]. A similar effort for routing security - Mutually Agreed Norms for Routing Security - provided inspiration for this effort. The MANRS program encourages operators to voluntarily commit to a set of practices that will improve collective routing security - a challenge when incentives to conform with these practices does not generate a clear return on investment for operators. One challenge for both initiatives is independent verification of conformance with the practices. The KINDNS conversation has just started, and stakeholders are still debating what should be in the set of practices. At this early stage, we analyze possible best practices in terms of their measurability by third parties, including a review of DNS measurement studies and available data sets (Table 1).

KW - 2024 OA procedure

UR - http://www.scopus.com/inward/record.url?scp=85141365867&partnerID=8YFLogxK

U2 - 10.1145/3517745.3563016

DO - 10.1145/3517745.3563016

M3 - Conference contribution

AN - SCOPUS:85141365867

T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

SP - 740

EP - 741

BT - IMC '22

A2 - Barakat, Chadi

PB - Association for Computing Machinery

CY - New York, NY

Y2 - 25 October 2022 through 27 October 2022

ER -

Sommese R , Jonker M, Claffy KC. Poster: Observable KINDNS: Validating DNS Hygiene. In Barakat C, editor, IMC '22: Proceedings of the 2022 ACM Internet Measurement Conference, Nice, France, October 25-27, 2022. New York, NY: Association for Computing Machinery. 2022. p. 740-741. (Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC). doi: 10.1145/3517745.3563016

Poster: Observable KINDNS: Validating DNS Hygiene

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this