Title :
Enhanced secure dynamic DNS update with indirect route
Author :
Wilkinson, David ; Chow, C. Edward ; Cai, Yu
Author_Institution :
Dept. of Comput. Sci., Colorado Univ., Colorado Springs, CO, USA
Abstract :
In this paper, we present the design and implementation of the enhanced secure dynamic DNS update with indirect route (the IR DNS update). The existing DNS update may experience serious performance problems when the normal Internet route is unstable or unavailable due to DDoS attacks. By setting up an indirect route via a set of proxy servers from the target-side DNS server to the client-side DNS server, the DNS zone data can be transported over the Internet via the indirect routes to foil the DDoS attack. After the IR DNS update, end users can get the indirect routing information by querying the DNS server and set up an indirect route to the target server accordingly. The IR DNS update is an essential part of the Secure Collective Defense (SCOLD) system, and it can be utilized independently as an extension to the existing DNS update utility. This technique can also be utilized to protect the root DNS servers from DDoS attacks. The implementation of the IR DNS update on BIND 9 is presented. The experimental results show that the IR DNS update can be used to improve network security, availability and performance.
Keywords :
Internet; client-server systems; network servers; performance evaluation; telecommunication network routing; telecommunication security; DDoS attack; DNS server; IR DNS update; Internet; Secure Collective Defense system; domain name system; indirect route; network security; proxy server; Availability; Computer crime; Data security; Domain Name System; Internet; Network servers; Protection; Routing; Springs; Web server;
Conference_Title :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
DOI :
10.1109/IAW.2004.1437836