University of Twente Student Theses


DoS attack on recursive resolvers with DNSSEC key-tag collisions

Bleeker, D.A. (2019) DoS attack on recursive resolvers with DNSSEC key-tag collisions.

Abstract: DNSSEC was implemented to strengthen DNS and enable resolvers and end-users to validate the integrity and origin of responses by using digital signatures. To speed up this verification, key-tags were introduced. In this paper we analyse an attack that uses key-tag collisions to generate enough computational overhead to render a recursive resolver unavailable (DoS attack). A zone with 65 keys with the same key-tag was set up on an authoritative name server, along with a resolver (Unbound and BIND) and an attacker, to simulate this attack. This paper concludes that attempting to DoS a recursive resolver using DNSSEC key-tag collisions is viable, at least in theory.
Item Type: Essay (Bachelor)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science BSc (56964)
Keywords: DNS, DNSSEC, Key-tag collision, Attack, DoS, Resolver, RSA, CPU utilisation, Unbound, BIND