BYU

Abstract by Jonathan Demke

Personal Infomation


Presenter's Name

Jonathan Demke

Co-Presenters

Luke Summers

Degree Level

Undergraduate

Co-Authors

None

Abstract Infomation


Department

Computer Science

Faculty Advisor

Casey Deccio

Title

DNS NSEC Deployment

Abstract

 

3M - The DNS is an important component to the Internet infrastructure. The DNS maps names (such as websites) to their corresponding IP addresses.  When the DNS receives a query for a name that doesn’t exist, it responds with a negative answer that contains an NSEC Record, which proves the name doesn’t exist. There are different implementations of providing a negative answer, NSEC, NSEC3, NSEC3 White Lies, and NSEC Black Lies.  The purpose of this study is to analyze signed top level domain zones for their NSEC record types and implementations to learn more about the practices utilized by the organizations deploying DNSSEC. We hope to better understand the purpose a zone uses a particular NSEC record for resolving negative answers. This study will allow people to see the measurements of DNS NSEC security employed by different zones and hopefully encourage better security and privacy in the DNS to make the internet safer for all its users.