The method of administration of authentication information on DNS

DNS is an only successful distributed database that is widely and universally used on the Internet. Thus, to create a universally distributed database at a lower cost, it is better to utilize DNS rather than to construct a new database for querying and storing information. Nowadays, new applications that use DNS as a backend system are being proposed. For example, ENUM [8] maps telephone numbers on DNS tree, and adds information that are related to the phone numbers in autonomously distributed manners. As utilizations of DNS have increased, access control to the information stored in DNS has become necessary. Thus, TSIG[5] protocol extension was proposed to add access controls on DNS. With the extension, it became possible to authenticate each DNS session. However, TSIG is a standard placed on the protocol itself, and it does not consider about building a system that cooperates with other authentication databases. Therefore, this paper proposes a DNS system that can flexible access control with TSIG key mechanism for each DNS updates. A prototype was implemented based on the proposal, and evaluation was made on the prototype. With the system proposed in this research, we achieved flexible and practical operation of DNS access control.