Enhancing DNS Resilience against Denial of Service Attacks

Edinburgh, UK June 25-June 28

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DSN.2007.42

37th Annual IEEE/IFIP International C ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Vasileios Pappas Articles by Dan Massey Articles by Lixia Zhang

	ASCII Text	x
	Vasileios Pappas, Dan Massey, Lixia Zhang, "Enhancing DNS Resilience against Denial of Service Attacks," Dependable Systems and Networks, International Conference on, pp. 450-459, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07), 2007.

	BibTex	x
	@article{ 10.1109/DSN.2007.42, author = {Vasileios Pappas and Dan Massey and Lixia Zhang}, title = {Enhancing DNS Resilience against Denial of Service Attacks}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2007}, isbn = {0-7695-2855-4}, pages = {450-459}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2007.42}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - Enhancing DNS Resilience against Denial of Service Attacks SN - 0-7695-2855-4 SP450 EP459 A1 - Vasileios Pappas, A1 - Dan Massey, A1 - Lixia Zhang, PY - 2007 KW - DDoS KW - DNS KW - resilience KW - caching VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Vasileios Pappas, T.J. Watson Center, IBM Research

Dan Massey, Colorado State University, USA

Lixia Zhang, UCLA, USA

The Domain Name System (DNS) is a critical Internet infrastructure that provides name to address mapping services. In the past few years, distributed denial of service (DDoS) attacks have targeted the DNS infrastructure and threaten to disrupt this critical service. In this paper we show that the existing DNS can gain significant resilience against DDoS attacks through a simple change to the current DNS operations, by setting longer time-to-live values for a special class of DNS resource records, the infrastructure records. These records are used to navigate the DNS hierarchy and change infrequently. Furthermore, in combination with a set of simple and incrementally deployable record renewal policies, the DNS service availability can be improved by one order of magnitude. Our approach requires neither additional physical resources nor any change to the existing DNS design. We evaluate the effectiveness of our proposed enhancement by using DNS traces collected from multiple locations.

Index Terms:

DDoS, DNS, resilience, caching

Citation:

Vasileios Pappas, Dan Massey, Lixia Zhang, "Enhancing DNS Resilience against Denial of Service Attacks," dsn, pp.450-459, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.