The method of administration of authentication information on DNS

Tomohiro Ishihara, Yuji Sekiya, Jun Murai

Research output: Contribution to journalArticle

Abstract

DNS is an only successful distributed database that is widely and universally used on the Internet. Thus, to create a universally distributed database at a lower cost, it is better to utilize DNS rather than to construct a new database for querying and storing information. Nowadays, new applications that use DNS as a backend system are being proposed. For example, ENUM [8] maps telephone numbers on DNS tree, and adds information that are related to the phone numbers in autonomously distributed manners. As utilizations of DNS have increased, access control to the information stored in DNS has become necessary. Thus, TSIG[5] protocol extension was proposed to add access controls on DNS. With the extension, it became possible to authenticate each DNS session. However, TSIG is a standard placed on the protocol itself, and it does not consider about building a system that cooperates with other authentication databases. Therefore, this paper proposes a DNS system that can flexible access control with TSIG key mechanism for each DNS updates. A prototype was implemented based on the proposal, and evaluation was made on the prototype. With the system proposed in this research, we achieved flexible and practical operation of DNS access control.

Original languageEnglish
Pages (from-to)97-107
Number of pages11
JournalComputer Software
Volume28
Issue number4
Publication statusPublished - 2011

    Fingerprint

ASJC Scopus subject areas

  • Software

Cite this