The Availability and Security Implications of Glue in the Domain Name System
Zheng Wang
TL;DR
This paper systematically analyzes DNS glue, highlighting its critical role, vulnerabilities, and the impact on availability, while proposing minimal glue configurations and exposing security limitations.
Contribution
It provides the first comprehensive analysis of DNS glue, including availability implications, security vulnerabilities, and measurement-based insights into glue redundancies and risks.
Findings
Wide occurrence of glue redundancies
Identification of security vulnerabilities in glue
Limitations of current countermeasures
Abstract
The Domain Name System (DNS) is one of the most fundamental components of the Internet. While glue is widely used and heavily relied on in DNS operations, there is little thinking about the necessity, complexity, and venerability of such prevalent configuration. This work is the first to provide extensive and systematic analysis of DNS glue. It discusses the availability implications of glue and proposes the minimum glue records in terms of availability. It also identifies the security vulnerabilities of glue as well as the limitations of current countermeasures. Measurements show the wide occurrences of glue redundancies and glue vulnerabilities.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsIPv6, Mobility, Handover, Networks, Security · Mobile Agent-Based Network Management · Internet Traffic Analysis and Secure E-voting