Recommendations and Best Practices for Configuring BGP and DNS Protocols

The BGP protocol allows the exchange of routing and network accessibility information (called prefixes) between the autonomous systems (AS) that make up the Internet infrastructure. Any actor with one or more AS (Internet transit service provider, Internet access provider, exchange point, etc.) thus contributes to the proper functioning of the Internet but also brings its share of specific vulnerabilities, notably those that allow “hackers” to hijack prefixes.

Furthermore, to facilitate web usage, the DNS service allows overcoming the difficulty of using the long series of digits that represent IP addresses by associating them with domain names. However, several cyberattacks (DNS ID Spoofing, DNS Cache Poisoning, etc.) allow hackers to link IP addresses of machines they control to real and valid names of public machines.

To counter these failures, this document details best practices related to the BGP and DNS protocols. National Internet actors should adopt these recommendations to anticipate, on the one hand, distributed denial of service (DDoS) attacks and, on the other hand, ensure the integrity and authenticity of DNS responses.

To report any criminal digital content, including threats to the security of individuals and groups, praise or incitement of terrorism, and violations of the rights and freedoms of children, please use the following platform : www.e-blagh.ma

DGSSI2024 All rights reserved