University of Twente Student Theses


On Services Exposed by DNS Infrastructure: A KINDNS Investigation

Christou, G. (2023) On Services Exposed by DNS Infrastructure: A KINDNS Investigation.

[img] PDF
Abstract:Despite the increased community efforts to improve DNS hygiene, DNS operators seldom live up to industry standards. ICANN acknowledged this with the introduction of the KINDNS framework, intended to offer better focus and incentives to DNS operators via a purposefully compact ruleset. This work stands as an initial attempt to investigate KINDNS readiness with regard to the services offered on DNS infrastructure. The findings reveal only a few DNS hosting providers being ready for KINDNS adoption. When configuration lies in the hands of individuals, the practices of virtual private server providers show security at its weakest. DNS insecurity is further supported by 2.5% of authoritative servers, most of which appearing in the wild for over 2 years, that increase their attack surface by offering recursion. Recursive servers are more guilty of weak configurations, with 99% of them neglecting DNS-over-Encryption in their communication with clients. 70% of authoritative and 24% of recursive servers are further guilty of acting beyond their DNS functionalities, though the practices of more popular and shared zones are better. It hereby remains to be seen if KINDNS does eventually align everyone's priorities so as to have security at their center.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page