DocumentCode
1935342
Title
HARD-DNS: Highly-Available Redundantly-Distributed DNS
Author
Gutierrez, Carlos ; Krishnan, Rajesh ; Sundaram, Ravi ; Zhou, Fangfei
Author_Institution
Sci. Syst. Co., Inc., Woburn, MA, USA
fYear
2010
fDate
Oct. 31 2010-Nov. 3 2010
Firstpage
1343
Lastpage
1348
Abstract
The DNS, or Domain Name System, is a critical piece of the Internet infrastructure. In recent times there have been numerous attacks on DNS, the Kaminsky attack being one of the more insidious ones. Current solutions to the problem involve patching the DNS software (BIND) and/or using DNSSEC. Unfortunately, these are forklift upgrades of the DNS infrastructure and are not always feasible, especially in sensitive and critical installations. We propose and develop the architecture for HARD-DNS - a turn-key bolt-on solution with no client-side change. We utilize a separate distributed network, HARD-DNS, which is architected for greater resilience to DDoS (Distributed Denial of Service) attacks. We employ quorum techniques to increase tolerance to cache poisoning and we protect the connection between the resolvers and HARD-DNS by a technique we call IP-cloaking. We present theoretical analysis and experimental evaluation to validate the feasibility of our approach.
Keywords
Internet; security of data; DNS software; IP-cloaking technique; Internet infrastructure; cache poisoning; distributed denial-of-service attack; domain name system; highly-available redundantly-distributed DNS; quorum techniques; Computer crime; Domain Name System; IP networks; Internet; Servers; Software; Architecture; CDN (Content Delivery Network); DNS (Domain Name System); DoS (Denial of Service); Internet; Security;
fLanguage
English
Publisher
ieee
Conference_Titel
MILITARY COMMUNICATIONS CONFERENCE, 2010 - MILCOM 2010
Conference_Location
San Jose, CA
ISSN
2155-7578
Print_ISBN
978-1-4244-8178-1
Type
conf
DOI
10.1109/MILCOM.2010.5680131
Filename
5680131