Protecting BGP Routes to Top Level DNS Servers

  • Authors:
  • Lan Wang;Xiaoliang Zhao;Dan Pei;Randy Bush;Daniel Massey;Allison Mankin;S. Felix Wu;Lixia Zhang

  • Venue:
  • ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
  • Year:
  • 2003

Abstract

The Domain Name System (DNS) is an essential part of the Internet infrastructure and provides fundamental services, such as translating host names into IP addresses for Internet communication. The DNS is vulnerable to a number of potential faults and attacks. In particular, false routing announcements can deny access to the DNS service or redirect DNS queries to a malicious impostor. Due to the hierarchical DNS design, a single fault or attack against the routes to any of the top level DNS servers can disrupt Internet services to millions of users. In this paper we propose a path-filtering approach to protect the routes to the critical top level DNS servers. Our approach exploits the high degree of redundancy in top level DNS servers and also exploits the observation that popular destinations, including top level DNS servers, are well connected via stable routes. Our path-filter restricts the potential top level DNS server route changes to be within a set of established paths. Heuristics derived from routing operations are used to adjust the potential routes over time. We tested our path-filtering design against BGP routing logs and the results show that the design can effectively ensure correct routes to top level DNS servers without impacting DNS service availability.