The DNS is a cornerstone of the Internet. Unfortunately, no matter how securely an organization provisions and guards its own DNS infrastructure, it is at the mercy of others' provisioning when it comes to resolutions its resolvers perform on behalf of its clients: even one compromised DNS server in the Internet can mislead an organization's clients to fake look-alike phishing Web sites or malware-serving sites, among other things. In this paper, we propose a self-defense mechanism where the DNS resolvers collect a small amount of additional information for the DNS responses they receive and maintain a history of previous responses to guard their clients against misleading information from compromised DNS servers in the Internet. Any organization can choose to enhance its resolvers with our mechanism unilaterally, unlike DNSSEC, which can ensure correctness of information only if the remote DNS server deploys it.