Proceedings »
Improving Robustness of DNS to Software Vulnerabilities
Final 491KB |
Ahmed Khurshid
University of Illinois at Urbana-Champaign
United States
Firat Kiyak
University of Illinois at Urbana-Champaign
United States
Matthew Caesar
University of Illinois at Urbana-Champaign
United States
Abstract:
The ability to forward packets on the Internet is highly intertwined with the availability and robustness of the Domain Name System (DNS) infrastructure. Unfortunately, the DNS suffers from a wide variety of problems arising from implementation errors, including vulnerabilities, bogus queries, and proneness to attack. In this work, we present a preliminary design and early prototype implementation of a system that leverages diversified replication to increase tolerance of DNS to implementation errors. Our design leverages software diversity by running multiple redundant copies of software in parallel, and leverages data diversity by replicating requests to multiple redundant servers. Using traces of DNS queries, we demonstrate our design can keep up with the loads of a large university's DNS traffic, while improving resilience of DNS.