Title

Availability and Integrity of DNS

Abstract

2014 was the year of security issues for DNS.

Cache poisoning has been highlighted by many people, and the feeling of insecurity may be spreading in the process of such discussions. However, in reality, there hasn't been much change in the security risks surrounding DNS since 2008.

While DNSSEC has been deployed for many years globally to address cache poisoning, the deployment rate of DNSSEC is extremely low in Japan. One of the reasons is the risk of downtime due to the extra complexities of DNSSEC. Since we as operators in Japan give weight to availability, it is difficult for Japanese operators to make the decision to deploy if any uncertainty remains in service reliability.

On the other hand, discussions on risks to availability are not based on specific data, building a vague and general feeling of insecurity.

This session seeks to re-open and deepen discussions on security surrounding DNS, by conducting discussions based on specific data.

  • What are the realities of the cache poisoning attacks which caught the communities attention in 2014?
  • What are the risks to availability due to DNSSEC deployment vs risks to integrity through cache poisoning
  • What can we expect next for validation function in DNSSEC?
  • Voices of operators who operate DNSSEC validation.

(Translated by: Izumi Okutani)

Presenters

Manabu Sonoda Internet Initiative Japan Inc.
Yoshifumi Suematsu Kyushu Telecommunication Network Co.,Inc.
Takanori Yamaguchi Internet Initiative Japan Inc.


Reload   New Lower page making Edit Freeze Diff Upload Copy Rename   Front page List of pages Search Recent changes Backup Referer     RSS of recent changes
Last-modified: (542d)