[Chugalug] Signing DNS Queries
dwrudy at gmail.com
Wed Sep 4 14:35:31 UTC 2013
.... or, is what I just described exactly what DNSSEC is (for you DNSSEC
geeks out there - this is still 1 aspect of DNS I still don't fully
On Wed, Sep 4, 2013 at 10:21 AM, David White <dwrudy at gmail.com> wrote:
> Many of you guys know that DNS is something I'm interested in and continue
> to do a lot of research and work in. I'm nowhere near an expert, but find
> this aspect of the interwebs fascinating, and have done what I can to
> understand it better and advocate for best DNS practices.
> I'm doing some brainstorming right now, and think I've come up with a
> theory that could possibly work in practice, but is probably a dumb idea.
> What do y'all think? Is this a stupid idea? (In theory, I think it's good,
> but in practice, I do think it's dumb).
> Here's a recent article on DNS Amplification attacks and how millions of
> home routers around the world are being used for the attacks:
> My theory is to create some sort of signing system for devices querying
> DNS resolvers that would authenticate the device making the query.
> Sort of like DKIM for email, each router would generate a unique public /
> private key pair (different from the MAC address) that would then tie into
> the router's owner's domain system.
> The public key for the router would go into public DNS, and the private
> key would be stored on the router. If the keys don't match, then the
> resolver doesn't respond / denies the request.
> I see a few major disadvantages to a system like this, including:
> - Added bandwidth to the DNS system
> - No incentive for home users (or anyone, for that matter) to
> implement the system on their routers
> - Low incentive for system administrators who operate resolvers to
> implement it onto their servers
> - Too much data to track in the DNS system (millions of DNS records -
> 1 for each router - would be absurd.... unless each router were given a
> unique subdomain name that the ISP tracked and updated automatically)
> I see this system giving the most benefit to home ISP providers.
> David White
> Founder & CEO
> *Develop CENTS *
> Computing, Equipping, Networking, Training & Supporting
> Nonprofit Organizations Worldwide
Founder & CEO
*Develop CENTS *
Computing, Equipping, Networking, Training & Supporting
Nonprofit Organizations Worldwide
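
The scheme proposed in the quoted message, sketched in Go as an added example that is not part of the original post: a router signs each query with its private key and the resolver answers only if the signature verifies against the published public key. The in-memory `keyZone` map standing in for public DNS, the `SignedQuery` format, the choice of Ed25519, the 30-second freshness window and the name `r1.isp.example` are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// keyZone is a constructed stand-in for public DNS: router name -> published public key.
var keyZone = map[string]ed25519.PublicKey{}

// SignedQuery is a hypothetical format; the post does not define one.
type SignedQuery struct {
	Router, Name string
	Unix         int64
	Sig          []byte
}

func payload(q SignedQuery) []byte {
	return []byte(fmt.Sprintf("%q %q %d", q.Router, q.Name, q.Unix))
}

// NewRouter generates the router's key pair and publishes the public half.
func NewRouter(router string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	keyZone[router] = pub
	return priv
}

// Sign is the router side: the private key never leaves the device.
func Sign(priv ed25519.PrivateKey, router, name string, now time.Time) SignedQuery {
	q := SignedQuery{Router: router, Name: name, Unix: now.Unix()}
	q.Sig = ed25519.Sign(priv, payload(q))
	return q
}

// Verify is the resolver side: unknown routers, altered or stale queries get no answer.
func Verify(q SignedQuery, now time.Time) bool {
	pub, ok := keyZone[q.Router]
	age := now.Sub(time.Unix(q.Unix, 0))
	return ok && ed25519.Verify(pub, payload(q), q.Sig) && age >= 0 && age <= 30*time.Second
}

func main() {
	priv := NewRouter("r1.isp.example")
	fmt.Println(Verify(Sign(priv, "r1.isp.example", "example.org", time.Now()), time.Now()))
}
```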