3.17.dnssec - Securing DNS Lookups How can we ensure that...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
Securing DNS Lookups How can we ensure that when clients look up names with DNS, they can trust the answers they receive? Idea #1: do DNS lookups over TLS (assuming either we run DNS over TCP, or we use “Datagram TLS”)
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
requesting host xyz.poly.edu gaia.cs.umass.edu root DNS server (‘.’) local DNS server (resolver) dns.poly.edu 1 2 3 4 5 6 authoritative DNS server (‘umass.edu’, ‘cs.umass.edu’) dns.cs.umass.edu 7 8 TLD DNS server (‘.edu’) Securing DNS using SSL / TLS Host at xyz.poly.edu wants IP address for gaia.cs.umass.edu Idea: connections {1,8}, {2,3}, {4,5} and {6,7} all run over SSL / TLS
Background image of page 2
Securing DNS Lookups How can we ensure that when clients look up names with DNS, they can trust the answers they receive? Idea #1: do DNS lookups over TLS (assuming either we run DNS over TCP, or we use “Datagram TLS”) Issues? Performance : DNS is very lightweight. TLS is not. Caching
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 12

3.17.dnssec - Securing DNS Lookups How can we ensure that...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online