As one of the most important Internet infrastructures, the domain name system (DNS) is vulnerable to various attacks, and the issue of DNS security has received critical attention. However, most of the existing DNS security enhancements have encountered great difficulties in the process of popularization. The main reason is that these enhancement measures usually focus on the server side, thus requiring changes to the existing DNS protocol or architecture, while modifying the Internet infrastructure is inherently hard. Noticing that the range of domain names frequently visited by a single user is much smaller than the entire domain name space, in this paper we propose the idea of a personal DNS agent (P-DNS), which migrates DNS security from servers to user terminals and can be applied without changing the current DNS infrastructure. P-DNS takes advantage of static and dynamic redundancy to enhance DNS security. Specifically, in the static redundancy phase, P-DNS improves resolution efficiency by utilizing resolution results cached in LDAP, while in the dynamic redundancy stage, P-DNS improves the reliability of resolution results by querying multiple recursive name servers (RNSs). Simulation results show that our proposed architecture can effectively improve DNS security performance and greatly reduce the additional delay caused by redundancy.
Funding: supported by the National Key R&D Program of China under Grant 2018YFA0701600.
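To make the two-phase design concrete, here is an added illustration (not the paper's code) of a client-side agent: a local cache stands in for the LDAP-backed static redundancy, and the dynamic phase queries several simulated RNSs and accepts an answer only when a quorum agree. The quorum size, the in-memory resolver tables and the alert list are assumptions for the example.

```python
"""Added illustration of the P-DNS idea: cache first (static redundancy), then
multi-resolver agreement (dynamic redundancy). Resolvers are simulated with
in-memory tables so the example runs offline; the quorum value is an assumption."""
from collections import Counter

# Constructed sample: three simulated recursive name servers using documentation
# address ranges. The third one returns a divergent answer for example.org.
RNS_TABLES = [
    {"example.com": "192.0.2.10", "example.org": "192.0.2.20"},
    {"example.com": "192.0.2.10", "example.org": "192.0.2.20"},
    {"example.com": "192.0.2.10", "example.org": "203.0.113.66"},  # disagreeing RNS
]


class PersonalDNSAgent:
    def __init__(self, resolvers, quorum=2):
        self.resolvers = resolvers
        self.quorum = quorum          # minimum number of RNSs that must agree
        self.cache = {}               # stands in for the LDAP cache of the paper
        self.alerts = []              # (name, answers) where the RNSs disagreed

    def _query_all(self, name):
        # One lookup per configured RNS; None models a negative answer.
        return [table.get(name) for table in self.resolvers]

    def resolve(self, name):
        # Static redundancy: a previously validated answer is served locally,
        # avoiding the network round trip and any chance of a spoofed reply.
        if name in self.cache:
            return self.cache[name], "cache"
        # Dynamic redundancy: consult every RNS and require agreement.
        answers = [a for a in self._query_all(name) if a is not None]
        if not answers:
            return None, "nxdomain"
        value, votes = Counter(answers).most_common(1)[0]
        if votes < self.quorum:
            self.alerts.append((name, answers))
            return None, "no-consensus"
        if len(set(answers)) > 1:
            # Majority reached, but record the outlier for later investigation.
            self.alerts.append((name, answers))
        self.cache[name] = value      # only agreed-upon results enter the cache
        return value, "consensus"
```

A real agent would replace the tables with UDP/TCP queries to the configured resolvers and give cache entries a TTL, but the validation flow is the same.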