Skip to main content


eCommons@Cornell >
Faculty of Computing and Information Science >
Computing and Information Science >
Computing and Information Science Technical Reports >

Please use this identifier to cite or link to this item:
Title: Perils of Transitive Trust in the Domain Name System
Authors: Ramasubramanian, Venugopalan
Sirer, Emin Gun
Keywords: computer science
technical report
Issue Date: 16-May-2005
Publisher: Cornell University
Abstract: The Domain Name System, DNS, is based on nameserver delegations, which introduce complex and subtle dependencies between names and nameservers. In this paper, we present results from a large scale survey of DNS that shows that these dependencies lead to a highly insecure naming system. We report specifically on three aspects of DNS security: the properties of the DNS trusted computing base, the extent and impact of existing vulnerabilities in the DNS infrastructure, and the ease with which attacks against DNS can be launched. The survey shows that a typical name depends on 46 servers on average, whose compromise can lead to domain hijacks, and names belonging to some countries depend on a few hundred nameservers. An attacker exploiting well-documented vulnerabilities in DNS can hijack more than 30% of the names appearing in the Yahoo and directories. And certain nameservers, especially in educational institutions, control as much as 10% of the namespace.
Appears in Collections:Computing and Information Science Technical Reports

Files in This Item:

File Description SizeFormat
TR2005-1994.pdf95.03 kBAdobe PDFView/Open

Refworks Export

Items in eCommons are protected by copyright, with all rights reserved, unless otherwise indicated.


© 2014 Cornell University Library Contact Us