The method of administration of authentication information on DNS

Tomohiro Ishihara, Yuji Sekiya, Jun Murai

Research output: Contribution to journalArticle

Abstract

DNS is an only successful distributed database that is widely and universally used on the Internet. Thus, to create a universally distributed database at a lower cost, it is better to utilize DNS rather than to construct a new database for querying and storing information. Nowadays, new applications that use DNS as a backend system are being proposed. For example, ENUM [8] maps telephone numbers on DNS tree, and adds information that are related to the phone numbers in autonomously distributed manners. As utilizations of DNS have increased, access control to the information stored in DNS has become necessary. Thus, TSIG[5] protocol extension was proposed to add access controls on DNS. With the extension, it became possible to authenticate each DNS session. However, TSIG is a standard placed on the protocol itself, and it does not consider about building a system that cooperates with other authentication databases. Therefore, this paper proposes a DNS system that can flexible access control with TSIG key mechanism for each DNS updates. A prototype was implemented based on the proposal, and evaluation was made on the prototype. With the system proposed in this research, we achieved flexible and practical operation of DNS access control.

Original languageEnglish
Pages (from-to)97-107
Number of pages11
JournalComputer Software
Volume28
Issue number4
Publication statusPublished - 2011

Fingerprint

Access control
Authentication
Network protocols
Telephone
Internet
Costs

ASJC Scopus subject areas

  • Software

Cite this

The method of administration of authentication information on DNS. / Ishihara, Tomohiro; Sekiya, Yuji; Murai, Jun.

In: Computer Software, Vol. 28, No. 4, 2011, p. 97-107.

Research output: Contribution to journalArticle

Ishihara, T, Sekiya, Y & Murai, J 2011, 'The method of administration of authentication information on DNS', Computer Software, vol. 28, no. 4, pp. 97-107.
Ishihara, Tomohiro ; Sekiya, Yuji ; Murai, Jun. / The method of administration of authentication information on DNS. In: Computer Software. 2011 ; Vol. 28, No. 4. pp. 97-107.
@article{0424bcb19cd244c3849f9bd5d34aa2d4,
title = "The method of administration of authentication information on DNS",
abstract = "DNS is an only successful distributed database that is widely and universally used on the Internet. Thus, to create a universally distributed database at a lower cost, it is better to utilize DNS rather than to construct a new database for querying and storing information. Nowadays, new applications that use DNS as a backend system are being proposed. For example, ENUM [8] maps telephone numbers on DNS tree, and adds information that are related to the phone numbers in autonomously distributed manners. As utilizations of DNS have increased, access control to the information stored in DNS has become necessary. Thus, TSIG[5] protocol extension was proposed to add access controls on DNS. With the extension, it became possible to authenticate each DNS session. However, TSIG is a standard placed on the protocol itself, and it does not consider about building a system that cooperates with other authentication databases. Therefore, this paper proposes a DNS system that can flexible access control with TSIG key mechanism for each DNS updates. A prototype was implemented based on the proposal, and evaluation was made on the prototype. With the system proposed in this research, we achieved flexible and practical operation of DNS access control.",
author = "Tomohiro Ishihara and Yuji Sekiya and Jun Murai",
year = "2011",
language = "English",
volume = "28",
pages = "97--107",
journal = "Computer Software",
issn = "0289-6540",
publisher = "Japan Society for Software Science and Technology",
number = "4",

}

TY - JOUR

T1 - The method of administration of authentication information on DNS

AU - Ishihara, Tomohiro

AU - Sekiya, Yuji

AU - Murai, Jun

PY - 2011

Y1 - 2011

N2 - DNS is an only successful distributed database that is widely and universally used on the Internet. Thus, to create a universally distributed database at a lower cost, it is better to utilize DNS rather than to construct a new database for querying and storing information. Nowadays, new applications that use DNS as a backend system are being proposed. For example, ENUM [8] maps telephone numbers on DNS tree, and adds information that are related to the phone numbers in autonomously distributed manners. As utilizations of DNS have increased, access control to the information stored in DNS has become necessary. Thus, TSIG[5] protocol extension was proposed to add access controls on DNS. With the extension, it became possible to authenticate each DNS session. However, TSIG is a standard placed on the protocol itself, and it does not consider about building a system that cooperates with other authentication databases. Therefore, this paper proposes a DNS system that can flexible access control with TSIG key mechanism for each DNS updates. A prototype was implemented based on the proposal, and evaluation was made on the prototype. With the system proposed in this research, we achieved flexible and practical operation of DNS access control.

AB - DNS is an only successful distributed database that is widely and universally used on the Internet. Thus, to create a universally distributed database at a lower cost, it is better to utilize DNS rather than to construct a new database for querying and storing information. Nowadays, new applications that use DNS as a backend system are being proposed. For example, ENUM [8] maps telephone numbers on DNS tree, and adds information that are related to the phone numbers in autonomously distributed manners. As utilizations of DNS have increased, access control to the information stored in DNS has become necessary. Thus, TSIG[5] protocol extension was proposed to add access controls on DNS. With the extension, it became possible to authenticate each DNS session. However, TSIG is a standard placed on the protocol itself, and it does not consider about building a system that cooperates with other authentication databases. Therefore, this paper proposes a DNS system that can flexible access control with TSIG key mechanism for each DNS updates. A prototype was implemented based on the proposal, and evaluation was made on the prototype. With the system proposed in this research, we achieved flexible and practical operation of DNS access control.

UR - http://www.scopus.com/inward/record.url?scp=82755164973&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=82755164973&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:82755164973

VL - 28

SP - 97

EP - 107

JO - Computer Software

JF - Computer Software

SN - 0289-6540

IS - 4

ER -