DNSSEC

What is DNSSEC ?

DNS Security Extensions (DNSSEC) is a security enhancement of Domain Name System. DNSSEC is designed to protect the name lookups from attacks such as DNS cache poisoning and spoofing. DNSSEC ensures

  1. origin of DNS data and
  2. data integrity.

If there is no DNSSEC, attackers can spoof DNS queries and victims may leadto incorrect sites.

DNSSEC ensures the integrity of DNS database and DNS database has a tree structure, so the trust chains between zones are required for DNSSEC. A parent-zone trusts its child zones and signs the keys.

If administrators can create and maintain the correct trust chains of DNSSEC, users are protected by spoofing.

However, there are some concerns deploying DNSSEC. DNSSEC requires more traffic bandwidth to exchange information between a DNS server and users, and DNS servers. Moreover, resolver DNS servers with DNSSEC are required more computing resources than non  DNSSEC resolver servers to validate the DNSSEC signatures.

In order to evaluate the impacts of introducing DNSSEC into the existing DNS environments, simulation and evaluation tool for DNSSEC is needed. We would like to develop the simulation tools and provide them freely for DNS administrators and operators.