Minimizing Information Leakage in the DNS

Signature-based DNS security extensions have given hackers a way to scope out information on networks before they begin a direct attack. This paper looks at methods for mitigating this risk while still using DNSSEC to augment Internet security.

The Domain Name System is the global lookup service for network resources. To protect DNS information, the DNS security extensions have been developed and deployed on branches of the DNS to provide authentication and integrity protection using digital signatures. However, signed DNS nodes were found to have an unfortunate side effect: An attacker can query them as reconnaissance before attacking hosts on a particular network.

There are different ways a zone administrator can minimize information leakage and still take advantage of DNSSEC for integrity and source authentication. This article from the National Institute of Standards and Technology describes the risk and examines the protocol and operational options and looks at their advantages and drawbacks.

Included in this zip file are:

Minimizing Information Leakage in the DNS.pdf
Intro Doc.pdf
Terms and Conditions.pdf

5G and Industrial Automation: Practical Use Cases

Is 5G Enough to Boost the Metaverse?

Building a Private 5G Network for Your Business

5G and AI: Ushering in New Tech Innovation

The Role of 5G in the Sustainability Fight

Minimizing Information Leakage in the DNS

Minimizing Information Leakage in the DNS

Get the Free Newsletter!

Latest Articles

How DeFi is Reshaping the Future of Finance

Enterprise Software Startups: What It Takes To Get VC Funding

Top RPA Tools 2022: Robotic Process Automation Software

Advertisers

Menu

Our Brands