Fuzzy interest forwarding
Kevin Chan, Bongjun Ko, et al.
AINTEC 2017
The Domain Name System (DNS) is a critical Internet infrastructure that provides name to address mapping services. In the past few years, distributed denial of service (DDoS) attacks have targeted the DNS infrastructure and threaten to disrupt this critical service. In this paper we show that the existing DNS can gain significant resilience against DDoS attacks through a simple change to the current DNS operations, by setting longer time-to-live values for a special class of DNS resource records, the infrastructure records. These records are used to navigate the DNS hierarchy and change infrequently. Furthermore, in combination with a set of simple and incrementally deployable record renewal policies, the DNS service availability can be improved by one order of magnitude. Our approach requires neither additional physical resources nor any change to the existing DNS design. We evaluate the effectiveness of our proposed enhancement by using DNS traces collected from multiple locations. © 2007 IEEE.
Kevin Chan, Bongjun Ko, et al.
AINTEC 2017
Hao Yang, Starsky H. Y. Wongt, et al.
BROADNETS 2006
Michael Meisel, Vasileios Pappas, et al.
Computer Networks
Michael Meisel, Vasileios Pappas, et al.
MobiCom 2010