Protecting BGP routes to top level DNS servers | IEEE Conference Publication | IEEE Xplore

Protecting BGP routes to top level DNS servers



Abstract:

The Domain Name System (DNS) is an essential part of the Internet infrastructure and provides fundamental services, such as translating host names into IP addresses for Internet communication. The DNS is vulnerable to a number of potential faults and attacks. In particular, false routing announcements can deny access to the DNS service or redirect DNS queries to a malicious impostor. Due to the hierarchical DNS design, a single fault or attack against the routes to any of the top level DNS servers can disrupt Internet services for millions of users. In this paper we propose a path-filtering approach to protect the routes to the critical top level DNS servers. Our approach exploits the high degree of redundancy among top level DNS servers and also exploits the observation that popular destinations, including top level DNS servers, are well connected via stable routes. Our path filter restricts the potential route changes for top level DNS servers to a set of established paths. Heuristics derived from routing operations are used to adjust the set of potential routes over time. We tested our path-filtering design against BGP routing logs, and the results show that the design can effectively ensure correct routes to top level DNS servers without impacting DNS service availability.
Date of Conference: 19-22 May 2003
Date Added to IEEE Xplore: 11 June 2003
Print ISBN:0-7695-1920-2
Print ISSN: 1063-6927
Conference Location: Providence, Rhode Island, USA

1 Introduction

The Domain Name System (DNS) [9] is an essential part of the Internet infrastructure. It provides the service of translating host names, such as www.cs.ucla.edu, into the IP addresses that are used for data delivery. If an application fails to receive a reply to its DNS query, it is denied service. Worse still, if an application receives a reply that contains a wrong IP address, it will send data either to a black hole or to a machine selected by an attacker. Due to the hierarchical design, failure to reach all 13 DNS root servers would cripple the entire DNS service and make all destinations unreachable for most applications. This potential vulnerability of the root servers is well known and has even been described in popular press articles [8]. In addition to the root servers, there are also 13 DNS servers for the generic top level domains (gTLDs), including com, net and org. The loss of reachability to these gTLD servers would likewise deny access to millions of destinations in the com, net and org name domains. In today's Internet, announcing a false route to the DNS servers can easily cause such a fault or attack.
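The path filter sketched in the abstract, written out as an added, simplified illustration for this page (this is not the authors' code, and the paper's actual heuristics are not reproduced here). It assumes: a seeded set of established AS paths per protected prefix; a stand-in promotion heuristic under which an unknown path is held (not installed) until it has been announced PROMOTE_AFTER times in a row; and an extra rule, not stated on the page, that refuses a more-specific prefix falling inside a protected prefix, since such an announcement would capture DNS traffic whatever its AS path. The prefixes (RFC 5737 documentation space), AS numbers (RFC 5398 private range) and the "prefix|AS path" update format are all constructed for the example.

```python
"""Simplified path filter for BGP routes to critical (root / gTLD) DNS prefixes.

Added example, not the paper's code. Assumptions (not from the page):
  * 'established' AS paths per protected prefix are seeded from history;
  * an unknown path is held until announced PROMOTE_AFTER times in a row,
    then promoted into the established set (stand-in for the paper's heuristics);
  * a more-specific prefix inside a protected prefix is refused outright.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Constructed stand-in for a root/gTLD server prefix and its established paths.
PROTECTED_PREFIXES = {
    "192.0.2.0/24": {(64500, 64496), (64500, 64511, 64496)},
}
PROMOTE_AFTER = 3


@dataclass
class PathFilter:
    established: dict[str, set[tuple[int, ...]]]
    promote_after: int = PROMOTE_AFTER
    # prefix -> (candidate path, number of consecutive announcements of it)
    pending: dict[str, tuple[tuple[int, ...], int]] = field(default_factory=dict)

    def _protected_parent(self, prefix: str) -> str | None:
        """Return the protected prefix that contains `prefix`, if any."""
        net = ipaddress.ip_network(prefix, strict=False)
        for p in self.established:
            if net.subnet_of(ipaddress.ip_network(p)):
                return p
        return None

    def announce(self, prefix: str, as_path: tuple[int, ...]) -> str:
        """Classify one announcement for `prefix` carrying `as_path`."""
        parent = self._protected_parent(prefix)
        if parent is None:
            return "unprotected"  # ordinary prefix: normal BGP processing
        if ipaddress.ip_network(parent) != ipaddress.ip_network(prefix, strict=False):
            return "reject-more-specific"  # would hijack traffic regardless of path
        if as_path in self.established[parent]:
            self.pending.pop(parent, None)  # back on a known path; drop the candidate
            return "accept"
        cand, n = self.pending.get(parent, (as_path, 0))
        n = n + 1 if cand == as_path else 1  # a different unknown path restarts the count
        if n >= self.promote_after:
            self.established[parent].add(as_path)
            self.pending.pop(parent, None)
            return "promoted"
        self.pending[parent] = (as_path, n)
        return "hold"


def parse_update(line: str) -> tuple[str, tuple[int, ...]]:
    """Parse a constructed 'prefix|AS path' line, e.g. '192.0.2.0/24|64500 64496'."""
    prefix, path = line.strip().split("|")
    return prefix, tuple(int(a) for a in path.split())


def run(lines: list[str], promote_after: int = PROMOTE_AFTER) -> list[str]:
    """Feed a list of update lines through a fresh filter; return one verdict per line."""
    pf = PathFilter({p: set(paths) for p, paths in PROTECTED_PREFIXES.items()}, promote_after)
    return [pf.announce(*parse_update(line)) for line in lines]


# Constructed update stream (not real routing data).
SAMPLE_UPDATES = [
    "192.0.2.0/24|64500 64496",        # established path -> accept
    "192.0.2.0/24|64500 64499 64496",  # unknown path -> hold
    "192.0.2.0/24|64500 64496",        # known path again -> accept, candidate discarded
    "192.0.2.0/24|64500 64498 64497",  # new candidate, 1st sighting -> hold
    "192.0.2.0/24|64500 64498 64497",  # 2nd sighting -> hold
    "192.0.2.0/24|64500 64498 64497",  # 3rd in a row -> promoted
    "192.0.2.0/24|64500 64498 64497",  # now established -> accept
    "192.0.2.128/25|64500 64497",      # more-specific inside protected prefix -> reject
    "198.51.100.0/24|64500 64497",     # not a protected prefix -> unprotected
]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_UPDATES, run(SAMPLE_UPDATES)):
        print(f"{verdict:22} {line}")
```

While a protected prefix is in the "hold" state the resolver keeps whichever of the redundant root or gTLD servers are still reachable over accepted paths, which is the availability argument the abstract makes; the threshold `promote_after` trades how quickly a legitimate new path is admitted against how long a transient false announcement is kept out.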
