Improving Robustness of DNS to Software Vulnerabilities

The ability to forward packets on the Internet is highly intertwined with the availability and robustness of the Domain Name System (DNS) infrastructure. Unfortunately, the DNS suffers from a wide variety of problems arising from implementation errors, including vulnerabilities, bogus queries, and proneness to attack. In this work, we present a preliminary design and early prototype implementation of a system that leverages diversified replication to increase tolerance of DNS to implementation errors. Our design leverages software diversity by running multiple redundant copies of software in parallel, and leverages data diversity by replicating requests to multiple redundant servers. Using traces of DNS queries, we demonstrate our design can keep up with the loads of a large university's DNS traffic, while improving resilience of DNS.

Author(s):

Ahmed Khurshid    
University of Illinois at Urbana-Champaign
United States

Firat Kiyak    
University of Illinois at Urbana-Champaign
United States

Matthew Caesar    
University of Illinois at Urbana-Champaign
United States