A Demonstration of Practical DNS Attacks and their Mitigation Using DNSSEC

Israr Khan, William Farrelly, Kevin Curran

Research output: Contribution to journalArticlepeer-review

50 Downloads (Pure)

Abstract

The authors implement common attacks on a DNS server and demonstrate that DNSSEC is an effective solution to counter DNS security flaws. This research demonstrates how to counter the zone transfer attack via the generation of DNSSEC keys on the name servers which prevent attackers from obtaining a full zone transfer as its request for the transfer without the keys was denied by the primary server. This article also provides a detailed scenario of how DNSSEC can be used as a mechanism to protect against the attack if an attacker tried to perform Cache Poisoning. The authors ultimately show that a DNSSEC server will not accept responses from unauthorised entities and would only accept responses which are authenticated throughout the DNSSEC chain of trust.
Original languageEnglish
Article number4
Pages (from-to)56-78
Number of pages23
JournalInternational Journal of Wireless Networks and Broadband Technologies
Volume9
Issue number1
DOIs
Publication statusPublished (in print/issue) - 31 Jan 2020

Fingerprint

Dive into the research topics of 'A Demonstration of Practical DNS Attacks and their Mitigation Using DNSSEC'. Together they form a unique fingerprint.

Cite this