1 Introduction
The Domain Name System (DNS) [9] is an essential part of the Internet infrastructure. It translates host names, such as www.cs.ucla.edu, into the IP addresses that are used for data delivery. If an application fails to receive a reply to its DNS query, it is denied service. Worse still, if an application receives a reply that contains a wrong IP address, it will send data either to a black hole or to a machine selected by an attacker. Because DNS is hierarchical, losing reachability to all 13 DNS root servers would cripple the entire DNS service and make all destinations unreachable for most applications. This potential vulnerability of the root servers is well known and has even been described in popular press articles [8]. In addition to the root servers, there are also 13 DNS servers for the generic top-level domains (gTLDs), including com, net, and org. The loss of reachability to these gTLD servers would also deny access to millions of destinations in the com, net, and org name domains. In today's Internet, announcing a false route to DNS servers can easily lead to such faults or attacks.