DocumentCode :
1935342
Title :
HARD-DNS: Highly-Available Redundantly-Distributed DNS
Author :
Gutierrez, Carlos ; Krishnan, Rajesh ; Sundaram, Ravi ; Zhou, Fangfei
Author_Institution :
Sci. Syst. Co., Inc., Woburn, MA, USA
fYear :
2010
fDate :
Oct. 31 2010-Nov. 3 2010
Firstpage :
1343
Lastpage :
1348
Abstract :
The DNS or Domain Name System is a critical piece of the Internet infrastructure. In recent times there have been numerous attacks on DNS, the Kaminsky attack being one of the more insidious ones. Current solutions to the problem involve patching the DNS software (Bind) and/or using DNSSEC. Unfortunately, these are forklift upgrades of the DNS infrastructure and are not always feasible especially in sensitive and critical installations. We propose and develop the architecture for HARD-DNS - a turn-key bolt-on solution with no client-side change. We utilize a separate distributed network, HARD-DNS, which is architected for greater resilience to DDoS (Distributed Denial of Service) attacks. We employ quorum techniques to increase tolerance to cache poisoning and we protect the connection between the resolvers and HARD-DNS by a technique we call IP-cloaking. We present theoretical analysis and experimental evaluation to validate the feasibility of our approach.
Keywords :
Internet; security of data; DNS software; IP-cloaking technique; Internet infrastructure; cache poisoning; distributed denial-of-service attack; domain name system; highly-available redundantly-distributed DNS; quorum techniques; Computer crime; Domain Name System; IP networks; Internet; Servers; Software; Architecture; CDN (Content Delivery Network); DNS (Domain Name System); DoS (Denial of Service); Internet; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
MILITARY COMMUNICATIONS CONFERENCE, 2010 - MILCOM 2010
Conference_Location :
San Jose, CA
ISSN :
2155-7578
Print_ISBN :
978-1-4244-8178-1
Type :
conf
DOI :
10.1109/MILCOM.2010.5680131
Filename :
5680131