ICANN DNS Security Reading List
< back to list
DNS Security Reading List
|
I often get asked for background reading
on the Internet’s naming and address address allocation systems. So I’ve
started to pull together a collection of links to documents and sites that I’ve
found helpful in discussions about the security/integrity/resilience of the
Internet’s domain name system, along with some basic primers on Internet
architecture. Suggestions and recommendations are avidly invited —
particularly for non-US resources.
— Andrew
Internet Architecture
-
The Internet’s Coming of Age (Committee on
the Internet in the Evolving Information Infrastructure, Computer Science and
Telecommunications Board, National Research Council) [2001]
(Great in-depth introduction to how the Internet works & current issues
of scaling, assuring integrity, robustness, etc.) -
RFC 1958: Architectural Principles of the Internet (B.
Carpenter, editor) [June 1996]Domain Name System (DNS):
-
RFC 1591: Domain Name System Structure and Delegation (J.
Postel) [March 1994] -
RFC 1035: Domain Names – Implementation and Specification (P.
Mockapetris) [November 1987] -
RFC 1034: Domain Names – Concepts and Facilities (P.
Mockapetris) [November 1987] -
DNS and BIND: Chapter 11 – Security (P.
Albitz and C. Liu) [O’Reilly, May 2001] -
Cricket Liu’s DNS Corner (Includes
useful DNS Glossary and DNS Security pages)Root Name Servers:
-
RFC 2870: Root Name Server Operational Requirements (R.
Bush, et al.) [June 2000] -
Root Name Server Year 2000 Status (D.
Conrad, et al.) [July 1999]Name Server Security:
-
Securing An Internet Name Server (C. Liu)
DNS Security Extensions (DNSSEC):
-
RFC 3130: Notes from the State-Of-The-Technology: DNSSEC (E.
Lewis) [June 2001] -
RFC 3090: DNS Security Extension Clarification on Zone
Status (E. Lewis) [March 2001] -
RFC 2541: DNS Security Operational Considerations (D.
Eastlake) [March 1999] -
RFC 2536: DSA KEYs and SIGs in the Domain Name System (DNS) (D.
Eastlake) [March 1999] -
RFC 2535: Domain Name System Security Extensions (D.
Eastlake) [March 1999] -
DNSSEC – Design & Structure (E. Lewis)
[May 1999] -
“Securing the Domain Name System” (D.
Davidowicz and P. Vixie) [Network Magazine, January 2000] -
DNS Security – An Introduction (B.
Wellington) [NAI Labs, January 1999] -
NLNetLabs DNSSEC Resources page
Very User-Friendly Introductions to the
DNS:
-
“How Domain Name Servers Work” (Marshall
Brain)General Internet Security Resources:
-
RFC 2828: Internet Security Glossary (R.Shirey)
[May 2000] -
W3C World Wide Web Security FAQ [September
2001] -
Security of the Internet (CERT) [1998]
-
The Survivability Imperative: Protecting Critical Systems (R.
Linger, et al.) [October 2000] -
Beyond Encryption (prepared by Marketa
Morska, Office for the State Information System, Czech Republic, for the
Information Society DG of the European Commission) [June 2000]Governmental Communications:
-
Letter from U.S. Secretary of Commerce Donald L. Evans to
Vint Cerf [October 2001] -
“Creating a Safer Information Society by Improving the
Security of Information Infrastructures and Combating Computer-related
Crime” (Communication from the European Commission)
[January 2001]Organizations:
-
Center for Education and Research in Information Assurance
and Security (CERIAS) (Purdue Univ.) -
SANS (System Administration, Networking, and Security)
InstituteGovernmental agencies:
-
National Infrastructure Protection Center (US)
CERTs:
-
AUSCERT (Australia)
-
CAIS (Brazil)
-
CanCERT (Canada)
-
CARNet CERT (Croatia)
-
CERT-IT (Italy)
-
CERT-NASK (Poland)
-
CERT-NL (Netherlands)
-
CERT Renater (France)
-
CERT-RU (Russia)
-
CN CERT (China)
-
DK-CERT (Denmark)
-
esCERT-UPC (Spain)
-
Funet CERT (Finland)
-
HK-CERT (Hong Kong S.A.R., China)
-
ID-CERT (Indonesia)
-
ISnet CERT (Iceland)
-
IT-ISAC (US)
-
JANET-CERT (United Kingdom)
-
JP-CERT (Japan)
-
KR-CERT (South Korea)
-
Litnet CERT (Lithuania)
-
MyCERT (Malaysia)
-
NIC BR Security Office (Brazil)
-
NORDUnet CERT (Nordic countries)
-
PakCERT (Pakistan)
-
RCCN-CERT (Portugal)
-
SI-CERT (Slovenia)
-
SingCERT (Singapore)
-
SUNET-CERT (Sweden)
-
SWITCH-CERT (Switzerland)
-
TW-CERT (Taiwan)
-
UNINETT CERT (Norway)