The authors implement common attacks on a DNS server and demonstrate that DNSSEC is an effective solution to counter DNS security flaws. This research demonstrates how to counter the zone transfer attack via the generation of DNSSEC keys on the name servers which prevent attackers from obtaining a full zone transfer as its request for the transfer without the keys was denied by the primary server. This article also provides a detailed scenario of how DNSSEC can be used as a mechanism to protect against the attack if an attacker tried to perform Cache Poisoning. The authors ultimately show that a DNSSEC server will not accept responses from unauthorised entities and would only accept responses which are authenticated throughout the DNSSEC chain of trust.
|Number of pages||23|
|Journal||International Journal of Wireless Networks and Broadband Technologies|
|Publication status||Published - 31 Jan 2020|