ConfiDNS: Leveraging Scale and History to Detect Compromise

14 years 1 months ago

Download www.usenix.org

While cooperative DNS resolver systems, such as CoDNS, have demonstrated improved reliability and performance over standard approaches, their security has been weaker, since any corruption or misbehavior of a single resolver can easily propagate throughout the system. We address this weakness in a new system called ConfiDNS, which augments the cooperative lookup process with configurable policies that utilize multi-site agreement and per-site lookup histories. Not only does ConfiDNS provide better security than cooperative approaches, but for up to 99.8% of unique lookups, ConfiDNS exceeds the security of standard DNS resolvers. ConfiDNS provides these benefits while retaining the other benefits of CoDNS, such as incremental deployability, higher reliability, and improved performance, in some cases faster than CoDNS.

Lindsey Poole, Vivek S. Pai

Real-time Traffic

Cooperative Lookup Process | DNS Resolver Systems | DNS Resolvers | Operating System | USENIX 2008 |

claim paper

Post Info
More Details (n/a)

Added	02 Oct 2010
Updated	02 Oct 2010
Type	Conference
Year	2008
Where	USENIX
Authors	Lindsey Poole, Vivek S. Pai

Comments (0)

Sciweavers

ConfiDNS: Leveraging Scale and History to Detect Compromise

Cooperative Lookup Process | DNS Resolver Systems | DNS Resolvers | Operating System | USENIX 2008 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers