The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Casey Deccio - Sandia National Labs

Students: Spring 2023, unless noted otherwise, sessions will be virtual on Zoom.

Modeling DNS Security: Misconfiguration, Availability, and Visualization

Mar 02, 2011

Download: Video Icon MP4 Video Size: 443.7MB  
Watch on Youtube Watch on YouTube


The Domain Name System (DNS) is one of the components most critical to
Internet functionality. The ubiquity of the DNS necessitates both the
accuracy and availability of responses. While the DNS Security
Extensions (DNSSEC) add authentication to the DNS, they also increase
the complexity of an already complex name resolution system. Many
deployments have suffered from server misconfiguration or maintenance
neglect which increase the likelihood of name resolution failure for a
domain name, even if servers are responsive.

Our research introduces metrics for quantifying DNSSEC availability and
evaluates these metrics on production signed DNS zones to show the
pervasiveness of misconfiguration. We present methodology for
increasing robustness of name resolution in the presence of DNSSEC
misconfiguration. In our survey of production signed zones, we observe
that nearly one-third of the validation errors detected might be
mitigated using the technique proposed in our research.

As part of my talk, I will also demo an online DNS visualization tool
designed to assist administrators in identifying critical issues with
their DNSSEC deployments.

This is joint work with researchers at UC Davis and Intel Corporation.

About the Speaker

Casey Deccio is a Senior Member of Technical Staff at Sandia National
Laboratories in Livermore, CA. He joined Sandia in 2004 after receiving
his BS and MS degrees in Computer Science from Brigham Young University,
and he received his PhD in Computer Science from the University of
California, Davis in 2010. Casey's research interests lie primarily in
modeling and availability analysis of DNS and DNSSEC, and he leads
Sandia's DNSSEC deployment efforts.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!