Sciweavers

DSN
2007
IEEE

Enhancing DNS Resilience against Denial of Service Attacks

14 years 7 months ago
Enhancing DNS Resilience against Denial of Service Attacks
The Domain Name System (DNS) is a critical Internet infrastructure that provides name to address mapping services. In the past few years, distributed denial of service (DDoS) attacks have targeted the DNS infrastructure and threaten to disrupt this critical service. In this paper we show that the existing DNS can gain significant resilience against DDoS attacks through a simple change to the current DNS operations, by setting longer time-to-live values for a special class of DNS resource records, the infrastructure records. These records are used to navigate the DNS hierarchy and change infrequently. Furthermore, in combination with a set of simple and incrementally deployable record renewal policies, the DNS service availability can be improved by one order of magnitude. Our approach requires neither additional physical resources nor any change to the existing DNS design. We evaluate the effectiveness of our proposed enhancement by using DNS traces collected from multiple locations....
Vasileios Pappas, Daniel Massey, Lixia Zhang
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where DSN
Authors Vasileios Pappas, Daniel Massey, Lixia Zhang
Comments (0)