Abstract

The Domain Name System (DNS)[1][2] has been recently improved by the addition of DNS security extensions (DNSSEC)[3][4][5]. These improvements secure DNS against information forgery, modification and other attacks [6]. The DNS infrastructure needs to be upgraded to take advantage of the benefits offered by DNSSEC. Servers will need to serve DNSSEC enabled records and applications will need to look for and process these new security records. This paper discusses the advantages of supporting DNSSEC directly within end-system applications and the intricacies involved in retrofitting existing applications with DNSSEC support. The experiences and benefits achieved when upgrading two open-source packages is described.

Date

January 23, 2011

Authors

Wes Hardaker, Suresh Krishnaswamy

Publisher

SATIN