Rose, S.
and Nakassis, A.
(2008),
Minimizing Information Leakage in the DNS, Journal of Research (NIST JRES), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51324
(Accessed December 3, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Minimizing Information Leakage in the DNS
Published
Author(s)
,
Abstract
The Domain Name System (DNS) is the global lookup service for network resources. To protect DNS information, the DNS Security Extensions (DNSSEC) has been developed and deployed on branches of the DNS to provide authentication and integrity protection using digital signatures. However, signed DNS nodes have been found to have an unfortunate side effect: an attacker can query them as reconnaissance before attacking hosts on a particular network. There are different ways a zone administrator can minimize information leakage while still taking advantage of DNSSEC for integrity and source authentication. This paper describes the risk and examines the protocol and operation options and looks at their advantages and drawbacks.Citation
Journal of Research (NIST JRES) -
Volume
22
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
DNS, DNSSEC, Secure Hash
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.
Created March 1, 2008, Updated February 19, 2017