Toward secure name resolution on the internet

Christian Grothoff, Matthias Wachs, Monika Ermert, Jacob Appelbaum

Research output: Contribution to journalArticleAcademicpeer-review

7 Citations (Scopus)


The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS variations and analyze their impact on security and privacy. We also consider Namecoin, the GNU Name System and RAINS, which are more radical re-designs of name systems in that they both radically change the wire protocol and also eliminate the existing global consensus on TLDs provided by ICANN. Finally, we assess how the different systems stack up with respect to the goal of improving security and privacy of name resolution for the future Internet.

Original languageEnglish
Pages (from-to)694-708
Number of pages15
JournalComputers and Security
Publication statusPublished - 1 Aug 2018


  • Future Internet
  • Name resolution
  • Network architecture
  • Privacy
  • Technology and society


Dive into the research topics of 'Toward secure name resolution on the internet'. Together they form a unique fingerprint.

Cite this