Dns survey on configurations, interdependencies, resilience and security. A case study of *.Ke domains
Abstract
In this project, we present a survey on DNS Configurations, Interdependencies, Resilience
and Security. The survey focuses on the *.ke Domains. The main intention was to establish whether the DNS configurations -for the *.ke domains really consider basic setup aspects,
configurations, security issues, resilience and interdependencies which determine efficiency,
availability and redundancy of the DNS service.
The initial design of Domain Name System (DNS) did not incorporate a security
infrastructure since it was meant to avail public information to the public. The DNS, also has
major resilience issues which demands of its setup to have at least two name servers which
are geographically dispersed to ensure availability in case one fails The DNS application
which runs on name servers should also be properly updated to ensure the domains are secure
and available. Interdependencies among name servers usually created unintentionally make it
difficult to secure and ensure intergrity of information en-route the DNS system. The survey
sought to establish to what extent these issues have been implemented on the *.ke DNS
configurations.
About 15,000 *.ke domains were used on the survey and were collected from varied sources, ~
and were interrogated using the dig utility available freely on the Internet and nslookup utility
available on windows operating systems and the results collected and summarised on
spreadsheets.The findings indicated a very low compliance to the standard DNS
configuration requirements making *.ke domains non-resilient to failure and overly insecure.
Results indicate that over 60% of the *.ke domain are vulnerable. The survey further
evaluatedthree of the main DNS application and developed web-based step by step 'DNS
Configuration Advisor' tool. This is a highly technical guide that DNS administrator can use
to check the if their DNS server(s) are properly set up to take care configurations, resilience
and interdependencies issues.....that rnay render the domain insecure and unavailable .
Conclusively
we recommend awareness to be done focusing on DNS administrators to ensure
they are conversant with the issues of DNS and the risk they expose their organisations by
running ill-configured DNS systems. Creating a knowledge sharing forum for the DNS
administrators where they would share information on DNS configuration would also go a
long way m educating them and bringing the Issues into the fore
Publisher
School of Computing and Informatics