Title :
Secure distributed DNS
Author :
Cachin, Christian ; Samar, Asad
Author_Institution :
IBM Res., Ruschlikon, Switzerland
Date :
28 June-1 July 2004
Abstract :
A correctly working domain name system (DNS) is essential for the Internet. Due to its significance and because of deficiencies in its current design, the DNS is vulnerable to a wide range of attacks. This paper presents the design and implementation of a secure distributed name service on the level of a DNS zone. Our service is able to provide fault tolerance and security even in the presence of a fraction of corrupted name servers, avoiding any single point of failure. It further solves the problem of storing zone secrets online without leaking them to a corrupted server, while still supporting secure dynamic updates. Our service uses state-machine replication and threshold cryptography. We present results from experiments performed using a prototype implementation on the Internet in realistic setups. The results show that our design achieves the required assurances while servicing the most frequent requests in reasonable time.
Keywords :
Internet; cryptography; fault tolerant computing; naming services; distributed DNS; distributed name service; domain name system; fault tolerance; state-machine replication; Cryptography; Domain Name System; Fault tolerance; Information retrieval; Laboratories; Master-slave; Protection; Prototypes; Web and internet services; Web server
Conference_Title :
Dependable Systems and Networks, 2004 International Conference on
Print_ISBN :
0-7695-2052-9
DOI :
10.1109/DSN.2004.1311912