/plushcap/analysis/cloudflare/dnssec-complexities-and-considerations

DNSSEC: Complexities and Considerations

What's this blog post about?

This blog post discusses some complications associated with Domain Name System Security Extensions (DNSSEC), an extension to the Domain Name System (DNS) that provides a system of trust for DNS records. The main issues are zone content exposure, key management, and the impact on DNS reflection/amplification attacks. Zone content exposure occurs when enabling DNSSEC may expose otherwise obscured zone content. Key management is another concern as DNSSEC was designed to operate in various modes, each providing different security, performance, and convenience tradeoffs. Lastly, operators running an authoritative DNS server are often nervous their server will be used as a conduit for malicious distributed denial of service (DDoS) attacks due to the fact that DNS uses UDP, a stateless protocol. CloudFlare is working on solutions to address these issues and reduce any negative impact they might have.

Company
Cloudflare

Date published
Nov. 5, 2014

Author(s)
Nick Sullivan

Word count
2631

Language
English

Hacker News points
8


By Matt Makai. 2021-2024.