Title
Availability and Integrity of DNS
Abstract
2014 was the year of security issues for DNS.
Cache poisoning has been highlighted by many people, and the feeling of
insecurity may be spreading in the process of such discussions.
However, in reality, there hasn't been much change in the security risks
surrounding DNS since 2008.
While DNSSEC has been deployed for many years globally
to address cache poisoning, the deployment rate of DNSSEC is extremely
low in Japan. One of the reasons is the risk of downtime due to the
extra complexities of DNSSEC. Since we as operators in Japan give weight
to availability, it is difficult for Japanese operators to make the
decision to deploy if any uncertainty remains in service reliability.
On the other hand, discussions on risks to availability are not based on
specific data, building a vague and general feeling of insecurity.
This session seeks to re-open and deepen discussions on security
surrounding DNS, by conducting discussions based on specific data.
- What are the realities of the cache poisoning attacks which caught the communities attention in 2014?
- What are the risks to availability due to DNSSEC deployment vs risks to
integrity through
cache poisoning
- What can we expect next for validation function in DNSSEC?
- Voices of operators who operate DNSSEC validation.
(Translated by: Izumi Okutani)
Presenters
Manabu Sonoda Internet Initiative Japan Inc.
Yoshifumi Suematsu Kyushu Telecommunication Network Co.,Inc.
Takanori Yamaguchi Internet Initiative Japan Inc.