Dušan Kozic (2011) Security in DNS and DNSSEC. EngD thesis.
Today's world would not be as we know it without the DNS protocol. DNS lets us use user-friendly names instead of complicated computer addresses. It is essential that the DNS protocol works correctly, which is why it frequently becomes the target of all sorts of attacks. It has been known for a while that the DNS protocol does not meet minimal security standards, which is why we need a solution that adds security to it. My diploma thesis deals with DNSSEC, an extension of the existing DNS protocol. The DNSSEC protocol adds security to DNS. The goal of my thesis is to present DNSSEC and evaluate the current support for DNSSEC in different server and client solutions. The first chapter describes the basics of the DNSSEC protocol and its weak points, which must be understood in order to understand how DNSSEC actually works. The second chapter describes DNSSEC: the security mechanisms it uses, the new records it introduces, how it works and what it brings. The chapter also covers the weak points of DNSSEC and the problems it does not solve. The third chapter deals with the use of DNSSEC in Slovenia and across the world. The last chapter is the more practical part of my diploma thesis. I set up a test environment in which different server solutions for DNSSEC were tried out. I also tested how DNSSEC works on the operating systems and applications used by end customers. I found that DNSSEC is a well-designed protocol that eliminates most of the security issues of the DNS protocol. But there should be no rush to deploy it, since we should be aware of the problems connected with the higher complexity that DNSSEC brings to the DNS system. The server solutions are fairly well implemented, but I miss better support for DNSSEC on the client side. The annex to my diploma thesis contains an example of a signed zone and examples and procedures for configuring DNSSEC on different server platforms.