— The Domain Name System (DNS) provides a critical service for the Internet – mapping of user-friendly domain names to their respective IP addresses. Yet, there is no standard set of metrics quantifying the Quality of Domain Name Service or QoDNS, let alone a thorough evaluation of it. This paper attempts to fill this gap from the perspective of a DNS proxy/cache, which is the bridge between clients and authoritative servers. We present an analytical model of DNS proxy operations that offers insights into the design tradeoffs of DNS design and the selection of critical DNS parameters. After validating our model against simulation results, we extend it to study the impact of DNS cache poisoning attacks and evaluate various DNS proposals with respect to the QoDNS metrics. In particular, we compare the performance of two newly proposed DNS security solutions: one based on cryptography and one using collaborative overlays.