NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

An Integrity Verification Scheme for DNS Zone File based on Security Impact Analysis

Published

Author(s)

Ramaswamy Chandramouli, Scott W. Rose

Abstract

The Domain Name System (DNS) is the worlds largest distributed computing system that performs the key function of translating user-friendly domain names to IP Addresses through a process called Name Resolution. After looking at the protection measures for securing the DNS transactions, we discover that the trust in the name resolution process ultimately depends upon the integrity of the data repository that Authoritative Name Servers of DNS uses. This data repository is called Zone file. Hence we analyze in detail the data content relationships in zone file that have security impacts and develop a taxonomy and associated population of constraints. We also have developed a platform-independent framework using XML, XML Schema and XSLT for encoding those constraints and verifying them against the XML encoded zone file data to detect integrity violations.
Conference Location
Tucson, AZ, USA
Conference Title
21st Annual Computer Security Applications Conference
Pub Type
Conferences

Download Paper

Local Download

Keywords

Domain Name System, DNS, XML Schema, XSLT, Zone File, Integrity Verification
Cybersecurity and privacy

Citation

Chandramouli, R. and Rose, S. (2005), An Integrity Verification Scheme for DNS Zone File based on Security Impact Analysis, 21st Annual Computer Security Applications Conference, Tucson, AZ, USA, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150378 (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created October 31, 2005, Updated October 12, 2021
Was this page helpful?