|Jeitner, P.; Shulman, H.; Waidner, M.
|Many applications and protocols depend on the ability to generate a pool of servers to conduct majority-based consensus mechanisms and often this is done by doing plain DNS queries. A recent off-path attack  against NTP and security enhanced NTP with Chronos  showed that relying on DNS for generating the pool of NTP servers introduces a weak link. In this work, we propose a secure, backward-compatible address pool generation method using distributed DNS-over-HTTPS (DoH) resolvers which is aimed to prevent such attacks against server pool generation.
|International Conference on Dependable Systems and Networks (DSN) 2020