Minimizing Information Leakage in the DNS

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.

All IT Downloads from National Institute of Standards and Technology » | Visit National Institute of Standards and Technology »

From National Institute of Standards and Technology | Sep 14, 2011

The Domain Name System is the global lookup service for network resources. To protect DNS information, the DNS security extensions have been developed and deployed on branches of the DNS to provide authentication and integrity protection using digital signatures. However, signed DNS nodes were found to have an unfortunate side effect: An attacker can query them as reconnaissance before attacking hosts on a particular network.

There are different ways a zone administrator can minimize information leakage and still take advantage of DNSSEC for integrity and source authentication. This article from the National Institute of Standards and Technology describes the risk and examines the protocol and operational options and looks at their advantages and drawbacks.

Included in this zip file are:

• Minimizing Information Leakage in the DNS.pdf
• Intro Doc.pdf
• Terms and Conditions.pdf

Related IT Downloads

• 

  Mitigating SQL Injection Attack Threats

  TUTORIALS

  The following mitigation strategies and best practices can be used to minimize the risks associated with this attack vector.

• 

  Guide to Malware Incident Prevention and Handling

  TUTORIALS

  Consistent response to rootkits, trojans and viruses is key.

• 

  General Server Security Policy Guide

  POLICIES

  Lock down the home of your organization's most precious data.