Interesting paper here:
The primary contribution of this paper is to expose the inherent risks involved in a basic Internet service.
Perils of Transitive Trust in the Domain Name System, Venugopalan Ramasubramanian and Emin Gun Sirer, In Proceedings of Internet Measurement Conference (IMC), Berkeley, California, October, 2005.
Well, no, not really. All the risks mentioned in the paper are common knowledge among people who deal with these things.
These risks create an artificial dilemma between failure resilience, which argues for more geographically distributed nameservers, and security, which argues for fewer centralized trusted nodes.
Well, no, not really. Fewer centralized trusted nodes wouldn’t necessarily increase security; they’d just reduce the number of targets that would be worth attacking. While a smaller trusted computing base may be better for security within a single organization, it’s not clear it is better for security of a distributed service such as DNS across the distributed Internet.
The paper further expresses surprise to find that many DNS servers are run by gasp academic institutions! The paper says such institutions do not have a financial relationship with the domains they serve and thus no fiduciary incentives to do it right. That’s true, but fiduciary incentives are not the only incentives, and the more diverse the administrators of DNS servers the less likely they are all to be simultaneously compromised by commercial or political pressures.
The paper goes on to document specific numbers of vulnerable nameservers. This information could be used to help fix the problem.Continue reading