The Case for Pushing DNS

The Domain Name System (DNS, [2]) has long been a critical part of the Internet infrastructure. The successful Denial-of-Service (DoS) attacks against Microsoft’s DNS servers in 2001 and the unsuccessful DoS attacks on the root name servers in 2002 have raised concerns about the vulnerability of the DNS. Operators responded by hardening the infrastructure, and using BGP anycast to replicate the root name servers, so such attacks would need to be larger today to be successful. Most recent large DoS attacks appear to have been financially motivated, and so the root and top-level name servers have not been a primary target. However, it is hard to predict the motivation of future attackers, so there is still concern that a very large DoS attack on these name servers could cause serious disruption. Thus it is worth investigating alternative ways to harden the DNS infrastructure against attack. This is the goal of our work. If we consider how DNS functions, it essentially comprises a single hierarchy that performs three functions:

[1]  Paul V. Mockapetris, et al. Domain names: Concepts and facilities, 1983, RFC.

[2]  Jussi Kangasharju, et al. A replicated architecture for the Domain Name System, 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No. 00CH37064).

[3]  Jon Crowcroft, et al. The main name system: an exercise in centralized computing, 2005, CCRV.

[4]  권태경, et al. Server authentication based on the SSL protocol, 2003.

[5]  Aravind Srinivasan, et al. Resilient multicast using overlays, 2003, IEEE/ACM Transactions on Networking.