ICANN DNS Security Reading List

I often get asked for background reading
on the Internet’s naming and address address allocation systems. So I’ve
started to pull together a collection of links to documents and sites that I’ve
found helpful in discussions about the security/integrity/resilience of the
Internet’s domain name system, along with some basic primers on Internet
architecture. Suggestions and recommendations are avidly invited —
particularly for non-US resources.

— Andrew

Internet Architecture

• The Internet’s Coming of Age (Committee on
  the Internet in the Evolving Information Infrastructure, Computer Science and
  Telecommunications Board, National Research Council) [2001]
  (Great in-depth introduction to how the Internet works & current issues
  of scaling, assuring integrity, robustness, etc.)

• RFC 1958: Architectural Principles of the Internet (B.
  Carpenter, editor) [June 1996]

  Domain Name System (DNS):

• RFC 1591: Domain Name System Structure and Delegation (J.
  Postel) [March 1994]

• RFC 1035: Domain Names – Implementation and Specification (P.
  Mockapetris) [November 1987]

• RFC 1034: Domain Names – Concepts and Facilities (P.
  Mockapetris) [November 1987]

• DNS and BIND: Chapter 11 – Security (P.
  Albitz and C. Liu) [O’Reilly, May 2001]

• Cricket Liu’s DNS Corner (Includes
  useful DNS Glossary and DNS Security pages)

  Root Name Servers:

• RFC 2870: Root Name Server Operational Requirements (R.
  Bush, et al.) [June 2000]

• Root Name Server Year 2000 Status (D.
  Conrad, et al.) [July 1999]

  Name Server Security:

• Securing An Internet Name Server (C. Liu)

  DNS Security Extensions (DNSSEC):

• RFC 3130: Notes from the State-Of-The-Technology: DNSSEC (E.
  Lewis) [June 2001]

• RFC 3090: DNS Security Extension Clarification on Zone
  Status (E. Lewis) [March 2001]

• RFC 2541: DNS Security Operational Considerations (D.
  Eastlake) [March 1999]

• RFC 2536: DSA KEYs and SIGs in the Domain Name System (DNS) (D.
  Eastlake) [March 1999]

• RFC 2535: Domain Name System Security Extensions (D.
  Eastlake) [March 1999]

• DNSSEC – Design & Structure (E. Lewis)
  [May 1999]

• “Securing the Domain Name System” (D.
  Davidowicz and P. Vixie) [Network Magazine, January 2000]

• DNS Security – An Introduction (B.
  Wellington) [NAI Labs, January 1999]

• NLNetLabs DNSSEC Resources page

  Very User-Friendly Introductions to the
  DNS:

• “How Domain Name Servers Work” (Marshall
  Brain)

  General Internet Security Resources:

• RFC 2828: Internet Security Glossary (R.Shirey)
  [May 2000]

• W3C World Wide Web Security FAQ [September
  2001]

• Security of the Internet (CERT) [1998]

• The Survivability Imperative: Protecting Critical Systems (R.
  Linger, et al.) [October 2000]

• Beyond Encryption (prepared by Marketa
  Morska, Office for the State Information System, Czech Republic, for the
  Information Society DG of the European Commission) [June 2000]

  Governmental Communications:

• Letter from U.S. Secretary of Commerce Donald L. Evans to
  Vint Cerf [October 2001]

• “Creating a Safer Information Society by Improving the
  Security of Information Infrastructures and Combating Computer-related
  Crime” (Communication from the European Commission)
  [January 2001]

  Organizations:

• Center for Education and Research in Information Assurance
  and Security (CERIAS) (Purdue Univ.)

• Forum for Incident Response and Security Teams

• Internet Engineering Task Force:

  • Security Area

  • Operations and Management Area

• IT-ISAC

• SANS (System Administration, Networking, and Security)
  Institute

  Governmental agencies:

• Computer Security Resource Center (US)

• Critical Infrastructure Assurance Office (US)

• National Infrastructure Protection Center (US)

  CERTs:

• AUSCERT (Australia)

• CAIS (Brazil)

• CanCERT (Canada)

• CARNet CERT (Croatia)

• CERT Coordination Center (US)

• CERT-IT (Italy)

• CERT-NASK (Poland)

• CERT-NL (Netherlands)

• CERT Renater (France)

• CERT-RU (Russia)

• CN CERT (China)

• DFN-CERT “Zentrum für
  sichere Netzdienste” GmbH (Germany)

• DK-CERT (Denmark)

• esCERT-UPC (Spain)

• Funet CERT (Finland)

• HK-CERT (Hong Kong S.A.R., China)

• ID-CERT (Indonesia)

• ISnet CERT (Iceland)

• IT-ISAC (US)

• JANET-CERT (United Kingdom)

• JP-CERT (Japan)

• KR-CERT (South Korea)

• Litnet CERT (Lithuania)

• MyCERT (Malaysia)

• NIC BR Security Office (Brazil)

• NORDUnet CERT (Nordic countries)

• PakCERT (Pakistan)

• RCCN-CERT (Portugal)

• SI-CERT (Slovenia)

• SingCERT (Singapore)

• SUNET-CERT (Sweden)

• SWITCH-CERT (Switzerland)

• TW-CERT (Taiwan)

• UNINETT CERT (Norway)