Table of Contents. DNS security basics. What DNSSEC has to offer. In what sense is DNS insecure? Why DNS needs to be secured.

Similar documents
Table of Contents. DNS security. Alternative DNS security mechanism. DNSSEC specification. The long (and winding) road to the DNSSEC specification

DNS security. Karst Koymans & Niels Sijm. Tuesday, September 18, Informatics Institute University of Amsterdam

DNSSEC All You Need To Know To Get Started

Network Working Group

Request for Comments: 4509 Category: Standards Track May Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)

Domain Name System Security

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder. System and Network Engineering July 2014

Domain Name System Security

Domain Name System Security

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

The ISP Column A monthly column on things Internet

Toward Unspoofable Network Identifiers. CS 585 Fall 2009

Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail

By Paul Wouters

DNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION

Scott Rose, NIST Winter JointTechs Meeting Jan 30, 2011 Clemson University

An Overview of DNSSEC. Cesar Diaz! lacnic.net!

Algorithm for DNSSEC Trusted Key Rollover

ARIN Support for DNSSEC and RPKI. ION San Diego 11 December 2012 Pete Toscano, ARIN

The impact of DNSSEC on k.root-servers.net and ns-pri.ripe.net

Network Working Group Request for Comments: 5702 Category: Standards Track October 2009

GDS Resource Record: Generalization of the Delegation Signer Model

DNSSEC deployment. Phil Regnauld Hervey Allen

A Security Evaluation of DNSSEC with NSEC Review

DNS Mark Kosters Carlos Martínez ARIN - LACNIC

3. The DNSSEC Primer. Data Integrity (hashes) Authenticated Denial of Existence (NSEC,

Hands-on DNSSEC with DNSViz. Casey Deccio, Verisign Labs RIPE 72, Copenhagen May 23, 2016

Assessing and Improving the Quality of DNSSEC

12 DNS Security Extensions DNS resolution via recursive nameserver DNS request/response format Simple DNS cache poisoning The Dan Kaminsky DNS

Expires: June 16, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST December 17, 2003

Some Internet exploits target name resolution servers. DNSSEC uses cryptography to protect the name resolution

The State and Challenges of the DNSSEC Deployment. Eric Osterweil Michael Ryan Dan Massey Lixia Zhang

Understanding and Deploying DNSSEC. Champika Wijayatunga SANOG29 - Pakistan Jan 2017

DNSSec Operation Manual for the.cz and e164.arpa Registers

I certify that this DNS record set is correct Problem: how to certify a negative response, i.e. that a record doesn t exist?

Some DNSSEC thoughts. DNSOPS.JP BOF Interop Japan Geoff Huston Chief Scientist, APNIC June 2007

DNS Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO

A Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover

DNSSEC Validators Requirements

CS 356 Using Cryptographic Tools to Secure the Domain Name System (DNS) Spring 2017

Network Working Group

Expires: November 15, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST May 17, 2004

E. Lewis ARIN September 23, KEY RR Secure Entry Point Flag draft-ietf-dnsext-keyrr-key-signing-flag-09. Status of this Memo

DNSSEC HOWTO. A Tutorial in Disguise. Olaf Kolkman, RIPE NCC Published September, $Revision: $

SecSpider: Distributed DNSSEC Monitoring and Key Learning

Network Working Group. Category: Informational November 2007

TWNIC DNS 網路安全研討會安全問題之解決對策 (DNSSEC) Why do we need DNSSEC? Many application depend on DNS DNS is not secure. There are known vulnerabilities

RSA and ECDSA. Geoff Huston APNIC. #apricot2017

Network Working Group Request for Comments: 5155 Category: Standards Track Nominet D. Blacka VeriSign, Inc. March 2008

Session J9: DNSSEC and DNS Security

Step by step DNSSEC deployment in.se. Anne-Marie Eklund Löwinder Quality & Security

DENIC DNSSEC Testbed Software support for DNSSEC Ralf Weber

DNS SECurity Extensions technical overview

Internet Engineering Task Force (IETF) April Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC

APNIC DNSSEC APNIC DNSSEC. Policy and Practice Statement. DNSSEC Policy and Practice Statement Page 1 of 12

Deploying New DNSSEC Algorithms

That KSK Roll. Geoff Huston APNIC Labs

Afilias DNSSEC Practice Statement (DPS) Version

Documentation. Name Server Predelegation Check

Rolling with Confidence: Managing the Complexity of DNSSEC Operations

DS TTL shortening experience in.jp

SOFTWARE USER MANUAL (SUM): TRAINING, PROCEDURAL, AND DEVELOPMENT DOCUMENTATION

Domain Name System (DNS)

Measuring the effects of DNSSEC deployment on query load

GDS Resource Record: Generalization of the Delegation Signer Model

Ad-hoc trust associations with Trust Anchor Repositories

Ordinary DNS: A? k.root-servers.net. com. NS a.gtld-servers.net a.gtld-servers.net A Client's Resolver

Seamless transition of domain name system (DNS) authoritative servers

DNSSEC. CS 161: Computer Security Prof. David Wagner. April 11, 2016

DNS Security and DNSSEC in the root zone Luzern, Switzerland February 2010

Root Zone DNSSEC KSK Rollover

The Performance of ECC Algorithms in DNSSEC: A Model-based Approach

RIPE NCC DNS Update. K-root and DNSSEC. Anand Buddhdev October 2018 RIPE 77

Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status

DNSSEC operational experiences and recommendations. Antti Ristimäki, CSC/Funet

Securing Domain Name Resolution with DNSSEC

DNS Resolver Software Change Planning. for Trust Anchor Key Management. Based on TAKREM

Implementing DNSSEC with DynDNS and GoDaddy

DNSSEC for ISPs workshop João Damas

5 DNS Security Extensions DNSSEC

DNSSEC at ORNL. Paige Stafford Joint Techs Conference, Fairbanks July 2011

DNS. dr. C. P. J. Koymans. September 16, Informatics Institute University of Amsterdam. dr. C. P. J. Koymans (UvA) DNS September 16, / 46

BIND-USERS and Other Debugging Experiences. Mark Andrews Internet Systems Consortium

DNSSEC Overview. NANOG 54 Tutorial" Matt Larson! Vice President, DNS Research" Verisign Labs" Version: "

CNAME-based Redirection Design Notes

THE BRUTAL WORLD OF DNSSEC

DNSSEC in Switzerland 2 nd DENIC Testbed Meeting

Internet Engineering Task Force (IETF) Request for Comments: 6725 Category: Standards Track August 2012 ISSN:

DNS Activity at IETF65

RIPE Network Coordination Centre. K-root and DNSSEC. Wolfgang Nagele RIPE NCC.

Packet Traces from a Simulated Signed Root

DNSSEC Deployment Guide

2017 DNSSEC KSK Rollover. Guillermo Cicileo LACNIC March 22, 2017

Lab 6 Implementing DNSSEC

Keeping DNS parents and children in sync at Internet Speed! Ólafur Guðmundsson

A Case for Comprehensive DNSSEC Monitoring and Analysis Tools

DNS Security. APNIC42 Colombo Sri Lanka 01 October 2016 Champika Wijayatunga

DNSSEC for the Root Zone. ICANN 37 Nairobi March 2010

DNSSEC Basics, Risks and Benefits

Transcription:

Table of Contents DNS security basics The basics Karst Koymans (with Niels Sijm) Informatics Institute University of Amsterdam (version 2.3, 2013/09/13 11:46:36) Tuesday, Sep 17, 2013 Why DNS needs to be secured The long (and winding) road to the DNSSEC specification On locks and seals Chain of trust Walking and trusting the DNS tree Validating RRsets using multiple DNSKEY records Details of RRs used in the chain of trust In what sense is DNS insecure? What DNSSEC has to offer DNS data can be subject to forgery Non-authoritative servers can try to inject false information Records can be changed in transit to point to evil information Like A records pointing to a phisher s IP address DNS data traverses the network in clear text Anyone with network path access can eavesdrop on your DNS traffic Gleaning information useful in spoofing attacks Protects against forgery Uses public key cryptography Cryptographically signs the resource record sets in answers Builds a chain of trust from the root down Does not prevent eavesdropping Data still traverses the network in clear text Gleaning data is still possible But spoofing is not possible any more

DNSSEC specification Alternative DNS security mechanism Original specification from January 1997 RFC 2065 Revised specification from March 1999 RFC 2535 Incorporated feedback from early users Had deployment problems, especially scaling issues Final specification from March 2005 DNSSEC-bis (RFC 4033, 4034 and 4035) Final addition from February 2008 NSEC3 (RFC 5155) DNSCurve Idea by Dan Bernstein Proposed in August 2008 (after NSEC3 spec) Encrypts and authenticates on the link level Signs communication packets, not resource records Uses labels of name servers to distribute public keys Uses state of the art elliptic curve cryptography for speed Worth a read at http://dnscurve.org/ Also see http://curvecp.org/ Secret key cryptography Public key cryptography encryption Use one lock and two identical keys Use a lock, which closes without key, and one key to open Source: Cisc, University of Hong Kong Source: Cisc, University of Hong Kong

Public key cryptography signing Trusted party and/or certificate authority Use an unforgeable seal and check the characterisitics Use a trusted repository or party Create a chain of trust by signing public keys Source: Cisc, University of Hong Kong Source: Cisc, University of Hong Kong Basic tree walking mechanism Delegations of authority Validating a RRset for www.os3.nl from the root (. ) down Start at the root, which is a trust anchor Verify authenticity of delegation to nl. zone Verify authenticity of delegation to os3.nl. zone Verify authenticity of RRset for www.os3.nl. Source: Niels Sijm, CIA lecture 2012-2013

DNSSEC-bis resource records Signing Resource Record sets Resource Records used to build the chain of trust DNSKEY DNS (public) KEY belonging to a zone Used to verify signatures Root DNSKEY is well known DS Delegation Signer Contains the hash of the DNSKEY of a delegation (child) zone The DNSKEY hashed is a secure entry point (SEP) RRSIG Resource Record SIGnature Contains the signature of an RRset Source: Niels Sijm, CIA lecture 2012-2013 Tree walking algorithm Query types used Validating delegation from. (root) to nl. zone (top down) 1 1. Signing key of root zone is known to the resolver 2. Ask. zone for DS of nl. zone 3. Ask nl. zone for DNSKEY of nl. zone 4. Verify that DS contains a valid hash of DNSKEY Two steps are missing... 5. Get the signatures of the DS record 6. Check that the DS record for nl. authentic Source: Niels Sijm, CIA lecture 2012-2013 1 Ignoring KSKs and ZSKs for simplicity for now

Detailed tree walking algorithm (1) Detailed tree walking algorithm (2) 1. Retrieve DNSKEY for root zone Stored in resolver as a secure starting point Can also be retrieved from root nameservers dig @a.root-servers.net.. dnskey 2. Ask root zone for the DS of the nl. zone Contains a hash of the DNSKEY of the nl. zone Stored in the root zone dig @a.root-servers.net. nl. ds 3. Ask nl. zone for DNSKEY of nl. zone dig [@ns1.dns.nl.] nl. dnskey 4. Verify that DS contains a valid hash of DNSKEY Create the hash of the DNSKEY RRset yourself Compare the result to the hash in the DS record Detailed tree walking algorithm (3) Multiple DNSKEY records Don t forget the following steps 5. Retrieve signature of nl. DS RRset Stored in root zone dig +dnssec @a.root-servers.net nl. ds Without the +dnssec flag you don t get the RRSIG info needed 6. Verify this signature using the root zone DNSKEY, thereby proving the authenticity of the DS record Zones tend to contain multiple DNSKEY records in the apex Usually there are at least two DNSKEYs A KSK (Key Signing Key) as secure entry point for chain of trust A ZSK (Zone Signing Key) for RRSIG creation A ZSK may change much more often than a KSK This is not necessary for DNSSEC operation It simplifies DNS key management

DNSSEC-bis chain of trust (1) DNSSEC-bis chain of trust (2) This time we present the algorithm more abstractly and bottom up To validate a resource record set RRset Validate RRSIG(RRset) by using a ZSK (zone signing key) from the DNSKEY RRset Validate RRSIG(DNSKEYset) by using a KSK (key signing key) from that same DNSKEY RRset Validate the KSK by using a DS (present in the parent zone) which contains a hash of the KSK the KSK used is called a SEP (Secure Entry Point) Continue validating one level higher in the hierarchy Use DS as RRset and iterate Use trusted anchors for DNSKEYs or DSs to terminate for instance for checking root zone keys Authority around a cut is now as follows NS and DNSKEY are authoritative on the child side of the cut (zone apex) DS is authoritative on the parent side of the cut (delegation point) Chain of trust illustration RRSIG record example from RFC 4034 1 2 3 Walking the Chain of Trust Locally configured Trusted key:. 8907 $ORIGIN.. DNSKEY ( ) 5TQ3s (8907) ; KSK DNSKEY ( ) lase5 (2983) ; ZSK RRSIG DNSKEY ( ) 8907. 69Hw9.. net. DS 7834 3 1ab15 RRSIG DS ( ). 2983 $ORIGIN ripe.net. 7 5 4 $ORIGIN net. net. DNSKEY ( ) q3dew (7834) ; KSK DNSKEY ( ) 5TQ3s (5612) ; ZSK RRSIG DNSKEY ( ) 7834 net. cmas... ripe.net. DS 4252 3 1ab15 RRSIG DS ( ) net. 5612 6 host.example.com. 86400 IN RRSIG A 5 3 86400 20030322173103 ( 20030220173103 2642 example.com. ojb1w6wngv+ldvq3wdg0mqkg5iehjrip8wtr PYGv07h108dUKGMeDPKijVCHX3DDKdfb+v6o B9wfuh3DTJXUAfI/M0zmO/zz8bW0Rznl8O3t GNazPwQKkRN20XPXV6nwwfoXmJQbsLNrLfkG J5D6fwFm8nN+6pBzeDQfsS3Ap3o= ) ripe.net. DNSKEY ( ) rwx002 (4252) ; KSK DNSKEY ( ) sovp42 (1111) ; ZSK 8 RRSIG DNSKEY ( ) 4252 ripe.net. 5t... www.ripe.net. A 193.0.0.202 RRSIG A ( ) 1111 ripe.net. a3... 9 http://www.nlnetlabs.nl/ Albuquerque Feb 2006 Source: Olaf Kolkman, RIPE NCC, NLnet Labs

RRSIG record content DNSKEY record example from RFC 4034 Part Type covered Algorithm Labels TTL Expiration and Inception Key Tag Signer s Name Signature Meaning Record type this RRSIG is about Signature algorithm used; 5 is RSA/SHA-1 Number of labels of owner (without root) Original time to live Signature validity date bounds To help find 2 (not identify) the signing key Owner name of zone and key to use Signature (in Base64) example.com. 86400 IN DNSKEY 256 3 5 ( AQPSKmynfzW4kyBv015MUG2DeIQ3 Cbl+BBZH4b/0PY1kxkmvHjcZc8no kfzj31gajiqky+5cptlr3buxa10h WqTkF7H6RfoRqXQeogmMHfpftf6z Mv1LyBUgia7za6ZEzOJBOztyvhjL 742iU/TpPSEDhm2SNKLijfUppn1U anvv4w== ) 2 In fact it is a kind of checksum on the RDATA of the DNSKEY RR DNSKEY record content DS record example from RFC 4034 and 4509 Part Flags Protocol Algorithm Public key Meaning Zone key (KSK+ZSK); Secure entry point (KSK) Always 3 (for backward compatibility with KEY RR) Signature algorithm used; 5 is RSA/SHA-1 Key used for signing (in Base64) dskey.example.com. 86400 IN DNSKEY 256 3 5 ( AQOeiiR0GOMYkDshWoSKz9Xz fwjr1aytsmx3tgkjanxvbfi/ 2pHm822aJ5iI9BMzNXxeYCmZ DRD99WYwYqUSdjMmmAphXdvx egxd/m5+x7orzkbambcvdflu Uh6DhweJBjEVv5f2wwjM9Xzc nof+epbtg9dmbmadjfdc2w/r ljwvfw== ) ; key id = 60485 dskey.example.com. 86400 IN DS 60485 5 1 ( 2BB183AF5F22588179A53B0A98631FAD1A292118 ) ; SHA-1 dskey.example.com. 86400 IN DS 60485 5 2 ( D4B7D520E7BB5F0F67674A0C CEB1E3E0614B93C4F9E99B83 83F6A1E4469DA50A ) ; SHA-256

DS record content Part Key Tag Algorithm Digest Type Digest Meaning To help find (not identify) the signing key Signature algorithm of the signing key Hashing algorithm used; 1 is SHA-1, 2 is SHA-256 Sequence of case-insensitive hexadecimal digits

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback