Enhancing DNS Resilience against Denial of Service Attacks
Abstract
The Domain Name System (DNS) is a critical Internet
infrastructure that provides name to address mapping services.
In the past few years, distributed denial of service
(DDoS) attacks have targeted the DNS infrastructure and
threaten to disrupt this critical service. In this paper we
show that the existing DNS can gain significant resilience
against DDoS attacks through a simple change to the current
DNS operations, by setting longer time-to-live values
for a special class of DNS resource records, the infrastructure
records. These records are used to navigate the
DNS hierarchy and change infrequently. Furthermore, in
combination with a set of simple and incrementally deployable
record renewal policies, the DNS service availability
can be improved by one order of magnitude. Our approach
requires neither additional physical resources nor
any change to the existing DNS design. We evaluate the
effectiveness of our proposed enhancement by using DNS
traces collected from multiple locations.
Keywords: DDoS, DNS, resilience, caching
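The effect described in the abstract can be seen in a small simulation. This is an added example, not code from the paper: it models one caching resolver and one zone, assumes the zone's own servers stay reachable while only its parent is under attack, and uses a simple "reset the TTL on every answer" rule as a stand-in for a renewal policy. The trace, attack window and all names are constructed for illustration.

```python
HOUR = 3600

# Constructed trace: one query every 10 minutes for 24 h,
# with a quiet period (no queries) between hour 8 and hour 10.
QUERIES = [t for t in range(0, 24 * HOUR, 600) if not 8 * HOUR <= t < 10 * HOUR]
# Constructed attack window: the parent zone's servers are unreachable.
ATTACK = (6 * HOUR + 1800, 12 * HOUR + 1800)


def failed_queries(query_times, ttl, attack, refresh=False):
    """Count queries that fail because the zone's infrastructure
    records (NS + glue) expired while the parent was unreachable.

    refresh=True is the assumed renewal rule: every answer obtained
    from the zone's own servers resets the cached expiry to now + ttl.
    """
    expires = None          # expiry time of the cached infrastructure records
    failed = 0
    for t in query_times:
        cached = expires is not None and t < expires
        if not cached:
            # The resolver needs a fresh referral from the parent zone.
            if attack[0] <= t < attack[1]:
                failed += 1          # parent is down: resolution fails
                continue
            expires = t + ttl        # referral obtained, cache it
        elif refresh:
            expires = t + ttl        # answer from the zone renews the records
    return failed


def compare():
    """Failure counts for several TTL / renewal combinations."""
    cases = {
        "1h TTL": (HOUR, False),
        "1h TTL + refresh": (HOUR, True),
        "3h TTL": (3 * HOUR, False),
        "3h TTL + refresh": (3 * HOUR, True),
        "3d TTL": (72 * HOUR, False),
    }
    return {name: failed_queries(QUERIES, ttl, ATTACK, refresh)
            for name, (ttl, refresh) in cases.items()}


if __name__ == "__main__":
    for name, failures in compare().items():
        print(f"{name:18s} failed queries: {failures}")
```

Of the 24 queries that fall inside the attack window, only the configurations whose cached records outlive both the attack and the quiet period lose none of them.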
1 Introduction
The Domain Name System (DNS) [16] provides name
services for the Internet. It maps hostnames to IP addresses
and also provides services for a growing number of other
applications, such as mapping IP addresses to geographic
locations or directory services for legacy telephony applications.
Furthermore, protocols such as SMTP and SIP depend
on the DNS in order to route messages through appropriate
application level gateways. As a result, the availability
of the DNS can affect the availability of a large number
of Internet applications. Ensuring the DNS data availability
is an essential part of prov...
... middle of paper ...
...weil, D. Massey, and L. Zhang. Improving
DNS Service Availability by Using Long TTL Values. Internet
Draft, 2006.
[19] K. Park, V. Pai, L. Peterson, and Z. Wang. CoDNS: Improving
DNS Performance and Reliability via Cooperative Lookups. In Proceedings
of OSDI, 2004.
[20] V. Ramasubramanian and E. Sirer. The Design and Implementation
of a Next Generation Name Service for the Internet. In Proceedings
of SIGCOMM, pages 331–342, 2004.
[21] H. Yang, H. Luo, Y. Yang, S. Lu, and L. Zhang. HOURS: Achieving
DoS Resilience in an Open Service Hierarchy. In Proceedings of
DSN, pages 83–93, 2004.
37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07)
0-7695-2855-4/07 $20.00 © 2007
Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks have been around for many years, but only in the past few years have the frequency and magnitude of these attacks increased. They are a significant problem because they can shut an organization off from the Internet for extended periods of time and little can be done to stop them. DoS attacks occur when computer resources become unavailable to legitimate users after being exhausted by false requests for information (Houle and Weaver 1).
Within the last decade, the internet has proven to be the most efficient way to complete tasks in today's society. Every major business relies on the internet to conduct business. Though the internet is a useful tool, our reliance on it opens the door to cyber-attacks that can be detrimental to business as a whole. One kind of cyber-attack that has recently become more prevalent is the DDoS attack. Recently, DDoS attacks have been a rising issue for business owners who run their own servers, such as video game companies and other high-profile web servers, including banks and other credit card payment gateways.
Internet technology has spread further than is generally believed. It has become an inevitable part of our lives, and we rely on the internet for our daily necessities. The Internet is a vast, unbounded network of networks. As it keeps growing, new threats evolve, increasing the need to develop and tighten security measures to protect it. Of the many challenges the Internet faces, Distributed Denial of Service is the critical concern, particularly for internet commerce. Distributed Denial of Service attacks can cause infrastructure problems and can disrupt communications at an international level. Denying access to information by attacking the network illicitly has become common. In this paper, we discuss how to detect and defend network services against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
The Domain Name System (DNS) is a distributed, hierarchical database of Internet name and address information. The purpose of the DNS is to resolve, or map, the names of host computers to numerical IP (Internet Protocol) addresses. Every computer connected to the Internet has its own unique IP address. The IP address is a 32-bit number that is conventionally presented in dotted decimal form divided into four binary octets. The domain name is an alphanumerical name that corresponds to the IP address. The founders of the Internet introduced the concept of domain names because alphanumerical names are easier for humans to understand and remember than relatively long, meaningless IP addresses.