The Domain Name System (DNS) is a necessary component of the Internet that allows hosts on the Internet to communicate with other hosts without needing to know their cryptic IP addresses. When this protocol was first introduced, it did not contain robust security features because scalability was an issue. One of the useful features added to DNS was the DNS update mechanism, which allowed other hosts to dynamically change DNS entries. This feature, though, exposed DNS servers to new vulnerabilities, which necessitated the implementation of new security protocols. Some of the security protocols introduced to address these issues were Transaction SIGnature (TSIG) and DNS Security Extension (DNSSEC). Although these mechanisms did resolve most of the security issues dealing with authentication between a node and a DNS server in IPv4, they are not viable in IPv6 networks. This is because the Neighbor Discovery Protocol (NDP), introduced to automatically organize the large IPv6 address space, does not support DNS authentication or have an option for secure DNS updating. In this chapter, the authors first explain the common approaches used in IPv4 to address these security issues. Then they explain the differences between the use of these approaches in IPv4 and IPv6, where the focus is on new research with regard to authentication mechanisms between hosts and DNS servers.
Introduction
DNS (Mockapetris, 1987) establishes a naming system for computers, or any other service or device, connected to a network. Without the DNS protocol, Web addresses would become long, confusing, and difficult to remember. The importance of DNS lies in how it makes the Internet and other networks easier to use. It does this by translating domain names into IP addresses. For example, the domain name www.example.com might translate to the IP address 192.168.204.6. Therefore, changing an IP address of a server, such as Web or email, would have a profound effect on a large number of users and systems that make use of the services on those servers on the Internet.
Even though DNS is a very critical element of the Internet, it only supports basic security mechanisms. Also, new DNS functions, such as Dynamic DNS (DDNS), open up new security issues concerning DNS, such as how to prevent attackers from changing DNS records; in other words, how to authenticate the host's desire to change Resource Records (RRs) on DNS servers. To address this problem, two different protocols were introduced: Transaction SIGnature (TSIG) (Vixie, Gudmundsson, Eastlake 3rd, & Wellington, 2000) and DNS Security Extension (DNSSEC) (Arends, Austein, Larson, Massey, & Rose, 2005). The extensions to these security protocols could thus resolve the authentication problems in Internet Protocol version 4 (IPv4). But the main problem that exists with the IPv4 network is a lack of IP addresses. According to the IANA exhaustion counter, the last blocks of IPv4 addresses have already been given to the local Internet registries. It is for this reason that the next generation of Internet Protocol, i.e., IPv6 (Deering & Hinden, 1998), was proposed. The number of unique IPv6 addresses is 2^(128-32) times greater than that of IPv4. To organize this large address space, two different mechanisms have been proposed: Dynamic Host Configuration Protocol (DHCPv6) (Droms, Bound, Volz, Lemon, Perkins, & Carney, 2003) and Neighbor Discovery Protocol (NDP) (Narten, Nordmark, Simpson, & Soliman, 2007). These two mechanisms, together, are known as IPv6 Autoconfiguration. Unfortunately, security in the DNS update process is also the main issue with these two mechanisms. For example, when using DHCPv6, no options have been added to the DHCPv6 messages to handle host authentication of the DNS server. Another main problem with these mechanisms is the changeable nature of IPv6 addresses.
For privacy reasons, and in order to prevent attackers from tracking a node in IPv6 networks, IPv6 addresses are valid only for a short period of time, which is dependent on network policy. Moreover, in one of these addressing mechanisms, i.e., NDP, there is no control over the nodes that can join the IPv6 networks. These unmanageable and temporary addresses create several issues for the updating of DNS records. There is another issue, which concerns resolver authentication. Usually, the DNS client (stub resolver) on the client’s computer sends its queries to a recursive DNS server, which recursively queries other DNS servers to translate a name to an IP address. The recursive server then sends the result back to the client. The DNS client often does not support any secure mechanisms, like DNSSEC, and thus relies only on source IP address authentication. An attacker is thus able to spoof this IP address and then send the wrong response to this client. The attacker will then direct the victim to a computer of his choice which, in fact, might be one of his own servers. On many occasions, like checking a bank account, it is important for users to ensure that the query response received from the DNS server originated from the real recursive DNS server and has not been spoofed by an attacker.
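The following added example (not taken from the chapter) contrasts the source-IP-only acceptance check described above with a shared-key check in the style of TSIG: a MAC over the message plus a signing time, accepted only within a fudge window. It is a simplified model, not the TSIG wire format; the function names, key, addresses and record strings are constructed for illustration, and HMAC-SHA256 is chosen here as the MAC.

```python
import hashlib
import hmac
import struct

FUDGE = 300  # seconds of clock skew tolerated (TSIG carries a comparable "fudge" value)

def sign(key: bytes, message: bytes, time_signed: int) -> bytes:
    """MAC over the message plus the signing time (simplified, not RFC wire format)."""
    return hmac.new(key, message + struct.pack("!Q", time_signed), hashlib.sha256).digest()

def accept_by_source_ip(response: dict, resolver_ip: str) -> bool:
    """What the stub resolver described above does: trust the claimed source address."""
    return response["src_ip"] == resolver_ip

def accept_by_mac(response: dict, key: bytes, now: int) -> bool:
    """Accept only if the MAC verifies and the signing time is inside the fudge window."""
    if response.get("mac") is None:
        return False
    if abs(now - response["time_signed"]) > FUDGE:
        return False  # stale or replayed message
    expected = sign(key, response["payload"], response["time_signed"])
    return hmac.compare_digest(expected, response["mac"])  # constant-time comparison

def demo() -> dict:
    key = b"constructed-shared-secret"   # constructed sample key
    resolver_ip = "2001:db8::53"          # constructed, documentation prefix
    now = 1_700_000_000                   # constructed clock value
    payload = b"www.example.com AAAA 2001:db8::10"
    genuine = {"src_ip": resolver_ip, "payload": payload,
               "time_signed": now, "mac": sign(key, payload, now)}
    # Carries the resolver's address in the source field but was not made with the key.
    spoofed = {"src_ip": resolver_ip, "payload": b"www.example.com AAAA 2001:db8::bad",
               "time_signed": now, "mac": b"\x00" * 32}
    # A genuine response presented again one hour after it was signed.
    replayed = dict(genuine)
    cases = (("genuine", genuine, now), ("spoofed", spoofed, now),
             ("replayed", replayed, now + 3600))
    return {name: (accept_by_source_ip(r, resolver_ip), accept_by_mac(r, key, t))
            for name, r, t in cases}

if __name__ == "__main__":
    for name, (by_ip, by_mac) in demo().items():
        print(f"{name:9s} source-IP check={by_ip}  MAC check={by_mac}")
```

All three responses pass the source-IP check, while only the genuine one passes the keyed check, which is the gap between address-based trust and message authentication that the paragraph describes.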
The main focus of this chapter will be on the security mechanisms needed to ensure a more secure DNS update and on the proper authentication process. Several books already discuss DNS implementation and configuration. We will therefore just briefly mention this background information. The remaining sections of this chapter are organized as follows: