DNS Security Prehistory
Few technologies are more critical to the operation of the Internet than the Domain Name System (DNS). The initial design of DNS did not take security into consideration, which was not unusual for protocols designed in the early 1980s. At the time of its development, and for many years thereafter, DNS functioned without many formal security mechanisms, making it vulnerable to DNS spoofing and other malicious attacks.
Determining the Need for DNSSEC
[What drove the work? Big picture issues. Surely this includes the demonstrations of cache poisoning by Steve Bellovin and Tsutomu Shimomura in the early 1990s and the similar work by Dan Kaminsky in 2008, but it may include much other activity.]
(…)
Cache Poisoning
The earliest known security problem with DNS was DNS cache poisoning, also sometimes called DNS spoofing. DNS cache poisoning happens when a DNS server downstream from the authoritative one returns incorrect data in response to queries for names or IP addresses. This occurs because an attacker has ‘poisoned’ the cache of the downstream DNS server so that it returns the malicious response. DNS cache poisoning is a subset of a group of problems computer scientists often classify as cache invalidation.
This problem, known to the Computer Science Research Group (CSRG) at U.C. Berkeley since 1989, was finally described in a paper by Steve Bellovin in 1993. Bellovin initially put off publishing the paper out of fear the information would be exploited.
(…)
Concern over DNS cache poisoning, specifically that the leak would become publicly known, existed from 1989 to 1995.