A Reproduction of “A Longitudinal End-to-End View of the DNSSEC Ecosystem”
We reproduce the client-side results of Chung et al.’s “A Longitudinal End-to-End View of the DNSSEC Ecosystem”. Chung et al. explores the state of DNS Security Extensions (DNSSEC) infrastructure in both client and server implementations in 2017. DNSSEC, introduced in the 2000s, was a response to DNS security issues. Perhaps the most notable of these security issues is DNS cache poisoning, which is an exploit that “poisons” DNS lookup servers to divert traffic away from legitimate servers to malicious ones. This poisoning can effect any website on the internet that doesn’t implement DNSSEC since most every website that is not in the dark web relies on DNS for users to find their content. DNSSEC adoption increased over time, especially after highly publicized attacks like 2008’s Kaminsky attack. However, DNSSEC is a complex system, and security guarantees can only be assumed if all aspects of the system, on both the client and server side, are implemented correctly.