Table of Content

Open Access iconOpen Access

ARTICLE

crossmark

Self-Certificating Root: A Root Zone Security Enhancement Mechanism for DNS

by Wenfeng Liu, Yu Zhang, Wenjia Zhang, Lu Liu, Hongli Zhang, Binxing Fang

1 School of Computer Science and Technology, Harbin Institute of Technology, Harbin, China.

* Corresponding Author: Wenfeng Liu. Email: email.

Computers, Materials & Continua 2020, 63(1), 521-536. https://doi.org/10.32604/cmc.2020.07982

Abstract

As a critical Internet infrastructure, domain name system (DNS) protects the authenticity and integrity of domain resource records with the introduction of security extensions (DNSSEC). DNSSEC builds a single-center and hierarchical resource authentication architecture, which brings management convenience but places the DNS at risk from a single point of failure. When the root key suffers a leak or misconfiguration, top level domain (TLD) authority cannot independently protect the authenticity of TLD data in the root zone. In this paper, we propose self-certificating root, a lightweight security enhancement mechanism of root zone compatible with DNS/DNSSEC protocol. By adding the TLD public key and signature of the glue records to the root zone, this mechanism enables the TLD authority to certify the self-submitted data in the root zone and protects the TLD authority from the risk of root key failure. This mechanism is implemented on an open-source software, namely, Berkeley Internet Name Domain (BIND), and evaluated in terms of performance, compatibility, and effectiveness. Evaluation results show that the proposed mechanism enables the resolver that only supports DNS/DNSSEC to authenticate the root zone TLD data effectively with minimal performance difference.

Keywords


Cite This Article

APA Style
Liu, W., Zhang, Y., Zhang, W., Liu, L., Zhang, H. et al. (2020). Self-certificating root: A root zone security enhancement mechanism for DNS. Computers, Materials & Continua, 63(1), 521-536. https://doi.org/10.32604/cmc.2020.07982
Vancouver Style
Liu W, Zhang Y, Zhang W, Liu L, Zhang H, Fang B. Self-certificating root: A root zone security enhancement mechanism for DNS. Comput Mater Contin. 2020;63(1):521-536 https://doi.org/10.32604/cmc.2020.07982
IEEE Style
W. Liu, Y. Zhang, W. Zhang, L. Liu, H. Zhang, and B. Fang, “Self-Certificating Root: A Root Zone Security Enhancement Mechanism for DNS,” Comput. Mater. Contin., vol. 63, no. 1, pp. 521-536, 2020. https://doi.org/10.32604/cmc.2020.07982



cc Copyright © 2020 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 3418

    View

  • 2589

    Download

  • 0

    Like

Share Link