Limiting replay vulnerabilities in DNSSEC

Orlando, FL (2008)

Abstract
The DNS security extensions (DNSSEC) added public key cryptography to the DNS, but problems remain in selecting signature lifetimes. A zone's master server distributes signatures to secondary servers. The signature lifetimes should be long so that a secondary server can still operate if the master fails. However, DNSSEC lacks revocation. Signed data can be replayed until the signature expires, and thus zones should select a short signature lifetime. Operators must choose between reduced robustness and long replay vulnerability windows. This paper introduces a revised DNSSEC signature that allows secondary servers to operate even if the master has failed while simultaneously limiting replay windows to twice the TTL. Each secondary server constructs a hash chain and relays the hash chain anchor to the master server. The signature produced by the master server ensures the authenticity of the hash anchor and the DNS data. A secondary server includes both the signature and a hash chain value used by resolvers to limit signature replay. Our implementation shows the added costs are minimal compared to DNSSEC and ensures robustness against long-term master server failures. At the same time, we limit replay to twice the record TTL value.
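The following Python sketch is an added illustration of the mechanism the abstract describes, not code from the paper: a secondary builds a hash chain, the master signs the DNS data together with the chain anchor, the secondary discloses one preimage per TTL interval, and a resolver accepts a value only if it hashes to the signed anchor and belongs to the current or the immediately preceding interval, which bounds replay to two TTLs. The one-preimage-per-TTL release schedule, the "current or previous interval" acceptance rule, and the HMAC used in place of a real RRSIG public-key signature are assumptions made for this example.

```python
import hashlib
import hmac

def build_hash_chain(seed: bytes, length: int) -> list:
    """h[0] = seed, h[i+1] = SHA-256(h[i]); h[length] is the anchor sent to the master."""
    chain = [seed]
    for _ in range(length):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain

def master_sign(key: bytes, rrset: bytes, anchor: bytes) -> bytes:
    """The master signs the DNS data and the anchor together.
    HMAC stands in for the real RRSIG public-key signature (assumption)."""
    return hmac.new(key, rrset + anchor, hashlib.sha256).digest()

def secondary_publish(chain: list, interval: int) -> bytes:
    """Secondary releases one preimage per TTL interval, walking back from the
    anchor: interval k discloses h[length-1-k]. Assumed release schedule."""
    return chain[len(chain) - 2 - interval]

def resolver_verify(key, rrset, anchor, sig, disclosed, current_interval, max_len):
    """Accept only if (1) the master's signature covers rrset+anchor and (2) the
    disclosed value hashes to the anchor in a number of steps that places it in
    the current TTL interval or the one before it (cached copy): replay <= 2*TTL."""
    if not hmac.compare_digest(master_sign(key, rrset, anchor), sig):
        return False
    h = disclosed
    for steps in range(1, max_len + 1):
        h = hashlib.sha256(h).digest()
        if h == anchor:
            k = steps - 1  # interval in which this preimage was released
            return current_interval - 1 <= k <= current_interval
    return False  # never reaches the anchor: not a value from this chain

# Constructed sample data (not from the paper).
KEY = b"constructed-master-signing-key"
RRSET = b"www.example. 3600 IN A 192.0.2.1"
LENGTH = 24
CHAIN = build_hash_chain(b"constructed-secondary-seed", LENGTH)
ANCHOR = CHAIN[-1]
SIG = master_sign(KEY, RRSET, ANCHOR)

def demo():
    v3 = secondary_publish(CHAIN, 3)  # value served during interval 3
    return (
        resolver_verify(KEY, RRSET, ANCHOR, SIG, v3, 3, LENGTH),  # fresh -> True
        resolver_verify(KEY, RRSET, ANCHOR, SIG, v3, 4, LENGTH),  # cached copy, within 2*TTL -> True
        resolver_verify(KEY, RRSET, ANCHOR, SIG, v3, 5, LENGTH),  # replayed after the window -> False
        resolver_verify(KEY, RRSET, b"\x00" * 32, SIG, v3, 3, LENGTH),  # anchor swapped -> False
    )
```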
Keywords
secondary servers, hash anchor authenticity, dnssec signature, signature lifetimes, master server, network servers, replay vulnerability, dns security extensions, hash chain, internet, public key cryptography, vulnerability windows, digital signatures, short signature lifetime, silicon, security, limiting, robustness, public key, servers