The Domain Name System (DNS) is perhaps one of the most widely used infrastructural software entities in the world. Built in a distributed manner. DNS can be simply explained as a mapping tool between human readable addresses and physical addresses. Ultimately. it acts much like a phone book. providing a means of associating a high-level understanding with a low-level representation.
However, the primary goal that motivated the design and implementation of such a mapping device was solely performance. The creators of DNS mainly focused on getting technical details right, leaving gaps for today's security and availability threats which were nonexistent at that time. As a result. DNS provides an insecure and unreliable mapping mechanism in today's environment that neither performs any checks on the origin of data, nor provides a solution better then simple replication in the face of benign or malicious server failures.
After the emergence of threats like man-in-the-middle attacks, distributed denial of service attacks, and server overloads, alarms have been sounding in the systems community
for a renovation of DNS. This need has given birth to several proposals to improve the security and availability in DNS. DNS Security Extensions (DNSSEC). Scalable Byzantine Fault Tolerant Secure DNS (SBFTSDNS), Cooperative DNS (CoDoNS), and Cooperative DNS Lookup System (CoDNS) are some of the most important steps taken to fix the current problems in DNS.
This thesis overviews these proposals for renovation in addition to a recent proposal based on cooperation between domain name servers, called ConfiDNS [1]. ConfiDNS does not dictate any change to the current setting of DNS; instead it intercepts name resolution activity between a client and a domain name server, and performs multiple simultaneous name lookup queries to multiple name servers in order to produce results (Internet Protocol Addresses) that are agreed upon by a pool of name servers. Further, the agreed results are stored for a history mechanism to operate on, in order to create direct paths to the source of content, and bypass problematic name servers during server failures. The key to availability on the client-side of DNS is the cooperative approach. which extends the classic primary-secondary replication scheme to a pool of name servers.
The primary statistics on the collected domain name resolution data show that for approximately 95% of the domain names this idea is applicable, while for the rest, which are mostly domain names served by content distribution networks, is not realistic due to the number and frequent variation of physical addresses
| Identifer | oai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/2211 |
| Date | 17 February 2010 |
| Creators | Yazir, Yağız Onat |
| Contributors | Coady, Yvonne |
| Source Sets | University of Victoria |
| Language | English, English |
| Detected Language | English |
| Type | Thesis |
| Rights | Available to the World Wide Web |
Page generated in 0.0022 seconds