On the virtues and liabilities of ConfiDNS : can simple tactics overcome deep insecurities?

Yazir, Yağız Onat

17 February 2010

The Domain Name System (DNS) is perhaps one of the most widely used infrastructural software entities in the world. Built in a distributed manner. DNS can be simply explained as a mapping tool between human readable addresses and physical addresses. Ultimately. it acts much like a phone book. providing a means of associating a high-level understanding with a low-level representation. However, the primary goal that motivated the design and implementation of such a mapping device was solely performance. The creators of DNS mainly focused on getting technical details right, leaving gaps for today's security and availability threats which were nonexistent at that time. As a result. DNS provides an insecure and unreliable mapping mechanism in today's environment that neither performs any checks on the origin of data, nor provides a solution better then simple replication in the face of benign or malicious server failures. After the emergence of threats like man-in-the-middle attacks, distributed denial of service attacks, and server overloads, alarms have been sounding in the systems community for a renovation of DNS. This need has given birth to several proposals to improve the security and availability in DNS. DNS Security Extensions (DNSSEC). Scalable Byzantine Fault Tolerant Secure DNS (SBFTSDNS), Cooperative DNS (CoDoNS), and Cooperative DNS Lookup System (CoDNS) are some of the most important steps taken to fix the current problems in DNS. This thesis overviews these proposals for renovation in addition to a recent proposal based on cooperation between domain name servers, called ConfiDNS [1]. ConfiDNS does not dictate any change to the current setting of DNS; instead it intercepts name resolution activity between a client and a domain name server, and performs multiple simultaneous name lookup queries to multiple name servers in order to produce results (Internet Protocol Addresses) that are agreed upon by a pool of name servers. Further, the agreed results are stored for a history mechanism to operate on, in order to create direct paths to the source of content, and bypass problematic name servers during server failures. The key to availability on the client-side of DNS is the cooperative approach. which extends the classic primary-secondary replication scheme to a pool of name servers. The primary statistics on the collected domain name resolution data show that for approximately 95% of the domain names this idea is applicable, while for the rest, which are mostly domain names served by content distribution networks, is not realistic due to the number and frequent variation of physical addresses

internet domain names

The clash between trade mark law and freedom of speech in cyberspace : does ICANN's URDP strike the right balance?

Lim, Eugene.

January 2004

Thesis (LL. M.)--University of Toronto, 2004. / Adviser: Abraham Drassinower.

ICANN, the structuring of cyberspace, and resistance /

Brophy, Enda,

January 1900

Thesis (M.A.) - Carleton University, 2002. / Includes bibliographical references (p. 206-215). Also available in electronic format on the Internet.

Deploying DNSSEC in islands of security

Murisa, Wesley Vengayi

31 March 2013

The Domain Name System (DNS), a name resolution protocol is one of the vulnerable network protocols that has been subjected to many security attacks such as cache poisoning, denial of service and the 'Kaminsky' spoofing attack. When DNS was designed, security was not incorporated into its design. The DNS Security Extensions (DNSSEC) provides security to the name resolution process by using public key cryptosystems. Although DNSSEC has backward compatibility with unsecured zones, it only offers security to clients when communicating with security aware zones. Widespread deployment of DNSSEC is therefore necessary to secure the name resolution process and provide security to the Internet. Only a few Top Level Domains (TLD's) have deployed DNSSEC, this inherently makes it difficult for their sub-domains to implement the security extensions to the DNS. This study analyses mechanisms that can be used by domains in islands of security to deploy DNSSEC so that the name resolution process can be secured in two specific cases where either the TLD is not signed or the domain registrar is not able to support signed domains. The DNS client side mechanisms evaluated in this study include web browser plug-ins, local validating resolvers and domain look-aside validation. The results of the study show that web browser plug-ins cannot work on their own without local validating resolvers. The web browser validators, however, proved to be useful in indicating to the user whether a domain has been validated or not. Local resolvers present a more secure option for Internet users who cannot trust the communication channel between their stub resolvers and remote name servers. However, they do not provide a way of showing the user whether a domain name has been correctly validated or not. Based on the results of the tests conducted, it is recommended that local validators be used with browser validators for visibility and improved security. On the DNS server side, Domain Look-aside Validation (DLV) presents a viable alternative for organizations in islands of security like most countries in Africa where only two country code Top Level Domains (ccTLD) have deployed DNSSEC. This research recommends use of DLV by corporates to provide DNS security to both internal and external users accessing their web based services. / LaTeX with hyperref package / pdfTeX-1.40.10

Internet domain names

Computer security

Computer network protocols

Computer security -- Africa

An evaluation of the regulation and enforcement of trade mark and domain name rights in South Africa

Maunganidze, Tendai

January 2007

The conflict between trade marks and domain names has been a major subject of legal debate over the past few years. The issues arising from the relationship between trade marks and domain names reveal the difficulties associated with attempts to establish mechanisms to address the problems existing between them. Trade mark laws have been adopted to resolve the trade mark and domain name conflict, resulting in more conflict. Domain name registers have to date been constructed on the basis of first come first served. Given that the generic indicators are very general, it has been inevitable that problems would arise, particularly once the commercial potential of the Internet began to be realised. Unlike domain names, trade marks are protected in ways which are more precise. Trade marks may not be imitated either exactly or in a manner so similar that it is likely to confuse a significant portion of the public. It is possible for more than one enterprise to use the same trade mark in respect of different goods, although this is not possible with domain names. This disparity in objectives leads to two core problems. The first problem relates to cybersquatters who deliberately secure Top Level Domains (TLDs) containing the names or marks of well known enterprises in order to sell them later. The second problem relates to the rival claims between parties who have genuine reasons for wanting particular TLDs, and problems associated with the resolution of such claims. The disputes between parties with legitimate conflicting interests in domain names are often not equitably and effectively resolved, thus compromising the rights of domain name holders. There is great activity in the United States of America (USA) and the United Kingdom (UK) to provide a more substantial system of governing and regulating the Internet. There is a strong movement to provide methods of arbitrating conflicts between honest claims to TLDs which conflict either in Internet terms or in trade mark law. However, these difficult policies remain to be settled. South Africa's progress towards the establishment of an effective mechanism to govern and regulate the Internet has been hindered by the absence of a policy to resolve domain related trade mark disputes. South Africa only recently drafted the South African Regulations for Alternative Domain Name Dispute Resolution (zaADRR), although the regulations have not yet been adopted. Therefore South African parties to domain name disputes continue to find solutions to their problems through the court system or foreign dispute resolution policies. The purpose of this study is firstly to examine and to comment on the basic issues of trade mark law and domain names in this area, with particular reference to South Africa, and secondly to examine the mechanisms in place for the resolution of trade mark and domain name disputes and to highlight the issues that flow from that. An additional purpose of this study is to discuss the policies of the dispute resolution mechanisms and to suggest how these policies can be improved.

IPAM : a web-based IP/DNS management system /

Samiuddin, Asim.

January 2004

Thesis (M.S.)--University of Missouri-Columbia, 2004. / Typescript. Includes bibliographical references (leaves 68-69). Also available on the Internet.

IPAM a web-based IP/DNS management system /

Samiuddin, Asim.

January 2004

Thesis (M.S.)--University of Missouri-Columbia, 2004. / Typescript. Includes bibliographical references (leaves 68-69). Also available on the Internet.

Nomes de domínio e o sistema administrativo de conflitos de internet

Neves, Kelli Priscila Angelini

22 August 2013

Made available in DSpace on 2016-04-26T20:22:26Z (GMT). No. of bitstreams: 1 Kelli Priscila Angelini Neves.pdf: 14151401 bytes, checksum: 58cb3f9d0ea8aef19caf74e21ba14073 (MD5) Previous issue date: 2013-08-22 / The objective of this research, after addressing the history of the Internet and its success, was analyze the Domain Names within the requirements of civil law, their technical structure, concepts, legal nature and its environment as a legal business. Given the characterization and definition dfDomain Names, in special its distinctive legal nature, analyze the types of disputes involving Domain N ames registration and alternative means for resolving these conflicts. Since the study focused especially on registered domain names within the .br, the emergence and experience of the UDRP - Uniform Dispute Resolution Policy are analyzed in comparison to the SACI - Administrative System for Dispute Resolution of .br Internet Domain Names - (Sistema Administrativo de Conflitos de Internet para nomes de domíno no .br - In the original in Portuguese), examining not only the system rules, but also the procedures already judged until the date of completion of this work and measures that might be adopted in the post-SACI / O objetivo desta pesquisa, após abordar o histórico da lnternet e a sua consagração, foi analisar, dentro da exigência do Direito Civil, os nomes de domínios, sua estrutura técnica, conceito, natureza jurídica e seu, enquadramento como negócio jurídico. Diante da caracterização e definição dos nomes de domínios, em especial de sua natureza jurídica de signo distintivo, analisam-se também os tipos de conflitos envolvendo os nomes de domínios registrados e os meios alternativos para solução desses conflitos. Tendo o estudo focado especialmente nos nomes de domínios registrados no ".br", aborda-se, ao analisar os meios alternativos para solução de conflitos para nomes de domínios existentes, o surgimento e a experiência da UDRP ­ Uniform Dispute Resolution Policy (Política Uniforme para Resolução de Disputas), para o fim de analisar a implementação do SACI - Sistema Administrativo de Conflitos de Internet para nomes de domínios no ".br", examinando não só as regras instituídas para esse Sistema, mas também os procedimentos já julgados até a data da conclusão deste trabalho e eventuais medidas que possam ser adotadas na fase pós-SACI

Nome de domínio

Domain names

Alternate method for dispute resolution

Der Vorteil des ersten Zugriffs durch "Webpositioning" - das Internet als Schnittstelle von Markenrecht und Wettbewerbsrecht /

Rousseau, Marc-André.

January 2007

Universiẗat, Diss.--Freiburg. i. Br., 2005. / Literaturverz. S. 274 - 285.

Der Vorteil des ersten Zugriffs durch "Webpositioning" - das Internet als Schnittstelle von Markenrecht und Wettbewerbsrecht /

Rousseau, Marc-André.

January 2007

Thesis (doctoral)--Albert-Ludwigs-Universität Freiburg im Breisgau, 2007. / Includes bibliographical references (p. 271-284).