NIST logo

Publication Citation: An Integrity Verification Scheme for DNS Zone File based on Security Impact Analysis

NIST Authors in Bold

Author(s): Ramaswamy Chandramouli; Scott W. Rose;
Title: An Integrity Verification Scheme for DNS Zone File based on Security Impact Analysis
Published: November 01, 2005
Abstract: The Domain Name System (DNS) is the worlds largest distributed computing system that performs the key function of translating user-friendly domain names to IP Addresses through a process called Name Resolution. After looking at the protection measures for securing the DNS transactions, we discover that the trust in the name resolution process ultimately depends upon the integrity of the data repository that Authoritative Name Servers of DNS uses. This data repository is called Zone file. Hence we analyze in detail the data content relationships in zone file that have security impacts and develop a taxonomy and associated population of constraints. We also have developed a platform-independent framework using XML, XML Schema and XSLT for encoding those constraints and verifying them against the XML encoded zone file data to detect integrity violations.
Conference: 21st Annual Computer Security Applications Conference
Location: Tucson, AZ
Keywords: Domain Name System, DNS, XML Schema, XSLT, Zone File, Integrity Verification
Research Areas: Computer Security
PDF version: PDF Document Click here to retrieve PDF version of paper (209KB)