The Availability and Security Implications of Glue in the Domain Name System
This work addresses critical availability and security issues in the fundamental DNS system, which is essential for Internet operations, and is incremental in providing new insights into an understudied configuration.
The paper tackles the lack of systematic analysis of DNS glue by providing the first extensive study, revealing widespread redundancies and vulnerabilities in glue records that impact DNS availability and security.
The Domain Name System (DNS) is one of the most fundamental components of the Internet. While glue is widely used and heavily relied on in DNS operations, there is little thinking about the necessity, complexity, and venerability of such prevalent configuration. This work is the first to provide extensive and systematic analysis of DNS glue. It discusses the availability implications of glue and proposes the minimum glue records in terms of availability. It also identifies the security vulnerabilities of glue as well as the limitations of current countermeasures. Measurements show the wide occurrences of glue redundancies and glue vulnerabilities.