DNS System Security: Implementing DNSSEC to Protect Against DNS Spoofing and Cache Poisoning Attacks

Margareth Tjandra, Vincent Putra Gotama, Firstian Bertram, Andreas Handojo

doi:https://doi.org/10.59232/CYS-V2I4P105

Research Article | Open Access | Download Full Text

Volume 2 | Issue 4 | Year 2024 | Article Id: CYS-V2I4P105 DOI: https://doi.org/10.59232/CYS-V2I4P105

DNS System Security: Implementing DNSSEC to Protect Against DNS Spoofing and Cache Poisoning Attacks

Margareth Tjandra, Vincent Putra Gotama, Firstian Bertram, Andreas Handojo

Received	Revised	Accepted	Published
08 Oct 2024	12 Nov 2024	30 Nov 2025	25 Dec 2025

Citation

Margareth Tjandra, Vincent Putra Gotama, Firstian Bertram, Andreas Handojo. “DNS System Security: Implementing DNSSEC to Protect Against DNS Spoofing and Cache Poisoning Attacks.” DS Journal of Cyber Security, vol. 2, no. 4, pp. 38-62, 2024.

Abstract

The Domain Name System (DNS) is one of the primary means through which users can communicate with one another over the IT network as it allows users to be able to convert domain names into IP addresses, however seemingly what comes along with technological advancement. This was compounded by the fact that the original system did not have robust security features. To address these challenges, this work presents the implementation of DNS Security Extensions (DNSSEC). To achieve this, the need to protect users from malicious DNS statements is paramount, which is why DNSSEC uses digital signatures to protect users. In order to do this, this paper analyzes the effectiveness of DNSSEC in circumventing DNS-based attacks and the challenges of implementation in different institutions. The findings indicate that DNSSEC enhances the security of sites by curtailing the abuse potential. However, additional architectures and alterations in the systems will be needed. Ultimately, this analysis emphasizes the potential of DNSSEC on the security of the internet and its development patterns, as well as its implications on global cyber space stability.

Keywords

DNS security extensions, DNS spoofing, Internet security, Network security, Cache poisoning.

References

[1] Haya Shulman, and0 Michael Waidner, “DNSSEC for Cyber Forensics,” EURASIP Journal on Information Security, vol. 2014, 2014.

[CrossRef] [Google Scholar] [Publisher Link]

[2] Cloudflare, How does DNSSEC work?. [Online]. Available: https://www.cloudflare.com/learning/dns/dnssec/how-dnssec-works/

[3] S. Ariyapperuma, and C.J. Mitchell, “Security Vulnerabilities in DNS and DNSSEC,” The Second International Conference on Availability, Reliability and Security (ARES'07), Austria, pp. 335-342, 2007.

[CrossRef] [Google Scholar] [Publisher Link]

[4] A Deep Dive on the Recent Widespread DNS Hijacking Attacks, Krebs on Security, 2019. [Online]. Available: https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/

[5] Keyu Man, Modern OSes are Prone to Side-Channel-Based DNS Cache Poisoning Attacks, APNIC, 2021. [Online]. Available: https://blog.apnic.net/2021/11/30/modern-oses-dns-cache-poisoning-attacks/

[6] Damon Garn, DNS Security Best Practices to Implement Now, TechTarget, Search Security, 2024. [Online]. Available: https://www.techtarget.com/searchsecurity/tip/DNS-security-best-practices-to-implement-now

[7] Ramaswamy Chandramouli, and Scott Rose, Secure Domain Name System (DNS) Deployment Guide, NIST Special Publication, 2013.

[CrossRef] [Google Scholar] [Publisher Link]

[8] DNS Amplification Attacks, America’s Cyber Defense Agency, Cybersecurity and Infrastructure Security Agency (CISA), 2019. [Online]. Available: https://www.cisa.gov/news-events/alerts/2013/03/29/dns-amplification-attacks

[9] Niels L.M. van Adrichem et al., “A Measurement Study of DNSSEC Misconfigurations,” Security Informatics, vol. 4, 2015.

[CrossRef] [Google Scholar] [Publisher Link]

[10] DNSSEC Complexities and Considerations, Cloudflare. [Online]. Available: https://www.cloudflare.com/dns/dnssec/dnssec-complexities-and-considerations/

[11] DNSSEC, Asia-Pacific Network Information Centre. [Online]. Available: https://www.apnic.net/community/security/dnssec/

[12] Cache Poisoning, DNS Security Resource Center, DNS Security Issues & Threats, Infoblox. [Online]. Available: https://www.infoblox.com/dns-security-resource-center/dns-security-issues-threats/dns-security-threats-cache-poisoning/

[13] Six Ways to Strengthen DNS Security, CSC. [Online]. Available: https://www.cscdbs.com/en/resources-news/six-ways-to-strengthen-dns-security/

[14] “DNS Cache Poisoning: The Risks, Mechanisms, and How to Prevent It, Indusface, [Online]. Available: https://www.indusface.com/learning/dns-cache-poisoning/

[15] Fortifying Your Online Identity: Safeguarding Domain Names from Cache Poisoning, Domain Name Security, DN.Org, 2024. [Online]. Available: https://dn.org/fortifying-your-online-identity-safeguarding-domain-names-from-cache-poisoning/

[16] Jason Bau, and John C Mitchell, “A Security Evaluation of DNSSEC with NSEC3,” Cryptology ePrint Archive, 2010.

[Google Scholar] [Publisher Link]

[17] Geoff Huston, “Measuring the Use of DNSSEC,” 2023. [Online]. Available: https://blog.apnic.net/2023/09/18/measuring-the-use-of-dnssec/

[18] Referensi Skema Normalisasi, DNS Advanced Security Information Model (ASIM) (Pratinjau Umum), Microsoft Learn Challenge, 2024. [Online]. Available: https://learn.microsoft.com/id-id/azure/sentinel/normalization-schema-dns

[19] Imperva, What is Domain Name System (DNS) Spoofing?, Imperva. [Online]. Available: https://www.imperva.com/learn/application-security/dns-spoofing/

[20] What is DNS Cache Poisoning?, DNS Spoofing. [Online]. Available: https://www.cloudflare.com/en-gb/learning/dns/dns-cache-poisoning/

[21] Christopher Makarem, How DNSSEC Works, Medium, 2018. [Online]. Available: https://medium.com/iocscan/how-dnssec-works-9c652257be0

[22] CVE-2021-25220, “DNS Forwarders - Cache Poisoning Vulnerability,” ISC, 2022. [Online]. Available: https://kb.isc.org/docs/cve-2021-25220

[23] Lulien Sobrier, Brazilian Bank Targeted by Phishing Site and DNS Poisoning, Zscaler Blog, 2011. [Online]. Available: https://www.zscaler.com/blogs/security-research/brazilian-bank-targeted-phishing-site-and-dns-poisoning

[24] Top 5 Integration Challenges in DNS Management, DomainSure. [Online]. Available: https://domainsure.com/news/top-5-integration-challenges-in-dns-management/

[25] 8 DNS Email Authentication Obstacles (and Solutions), ValiMail. [Online]. Available: https://www.valimail.com/blog/dns-email-authentication-challenges/

[26] Futuramo, Common DNS Issues and their Solutions, Futuramoblog. [Online]. Available: https://futuramo.com/blog/common-dns-issues-and-their-solutions/

[27] Moritz Muller, Addressing the Challenges of Modern DNS, APNIC, 2022. [Online]. Available: https://blog.apnic.net/2022/07/29/addressing-the-challenges-of-modern-dns/

[28] Admir Dizdar, “What is DNS Attack and How to Prevent them,” Bright, 2022. [Online]. Available: https://brightsec.com/blog/dns-attack/

[29] Nagaraju Pureti, “Cyber Hygiene: Daily Practices for Maintaining Cybersecurity Nagaraju Pureti,” International Journal of Advanced Engineering Technologies and Innovations, vol. 1, no. 3, pp. 35-52, 2021.

[Google Scholar] [Publisher Link]

[30] Paul Rosenzweig, “The International Governance Framework for Cybersecurity,” Canada-United States Law Journal, vol. 37, no. 2, pp. 405-432, 2012.

[Google Scholar] [Publisher Link]

[31] Giovanni Schmid, “Thirty Years of DNS Insecurity: Current Issues and Perspectives,” IEEE Communications Surveys & Tutorials, vol. 23, no. 4, pp. 2429-2459, 2021.

[CrossRef] [Google Scholar] [Publisher Link]

[32] S. Abirami, and R. Naresh, “DNS Enhancement with DNSSEC and DoT for Enhanced Online Security,” 2024 2^nd International Conference on Networking and Communications (ICNWC), Chennai, India, pp. 1-11, 2024.

[CrossRef] [Google Scholar] [Publisher Link]

[33] Akshay Mammen Koshy et al., “An Insight into Encrypted DNS Protocol: DNS over TLS,” 2021 4^th International Conference on Recent Developments in Control, Automation & Power Engineering (RDCAPE), Noida, India, pp. 379-383, 2021.

[CrossRef] [Google Scholar] [Publisher Link]

[34] DNSSEC-What is It and Why is it Important?, ICANN. [Online]. Available: https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

[35] What is the Difference between DNSSEC & DNS Security?, Infoblox. [Online]. Available: https://www.infoblox.com/dns-security-resource-center/dns-security-faq/what-is-the-difference-between-dnssec-dns-security/