BYU

Abstract by Cade Daniel

Personal Infomation


Presenter's Name

Cade Daniel

Degree Level

Undergraduate

Abstract Infomation


Department

Computer Science

Faculty Advisor

Casey Deccio

Title

Quantification and Identification of Obstacles to Strict DNS Cookie Enforcement in the Domain Name System

Abstract

DNS Cookies close several attack vectors in the DNS, including DNSSEC reflection attacks, by allowing agents to drop packets from unauthenticated sources. Unfortunately, strictly enforcing DNS Cookies will break DNS service for the majority of DNS clients and servers. In order to understand how enforcement of DNS cookies will affect the Internet, we query a large sample of server-domain pairs with various query settings and capture the responses. We analyze these responses to identify particular server and network configurations that complicate DNS Cookie deployment and enforcement, such as round-robin load balancers. We quantify the nameservers that support DNSSEC, EDNS0, and DNS Cookies. These results will inform DNS architects and enable them to eventually enforce DNS Cookies, further securing the DNS.