Cover page

Title: Enhanced Secure Dynamic DNS Update with Indirect Route

Author: David Wilkinson, C. Edward Chow and Yu Cai 

Department of Computer Science 
University of Colorado at Colorado Springs
Colorado Springs, CO 80933-7150, USA

Email: {dbwilkin, chow, ycai}@cs.uccs.edu

Abstract:
In this paper, we present the design and implementation of the enhanced secure dynamic DNS Update with indirect route (refer to as “the IR DNS update”). The existing DNS update may experience serious performance problem when the Internet transport route is unstable or unavailable due to DDoS attacks. By setting up indirect route via a set of proxy servers from the target side DNS server to the client side DNS server, the DNS zone data can be transported over Internet via the indirect routes to foil the DDoS attack. After the IR DNS update, the end users can get the indirect routing information by querying the DNS server, and set up indirect route to the target server. The IR DNS update is an essential part of the Secure COLlective Defense (SCOLD) system, but can also be utilized independently as an extension to the existing DNS update utility. This technique can also be utilized to protect the root DNS servers from DDoS attacks. The implementation of the IR DNS update on BIND 9 is presented. The experimental results show that the IR DNS update can be used to improve the network security, availability and performance.

Keyword: SCOLD, Secure DNS Update, Dynamic DNS Update, IR DNS Update, Indirect Route

Additional information:
Dr. Edward Chow will present this paper if it is accepted.

The paper belongs to the category of Emerging Concepts. This paper describes new paradigms or concepts that have not been fully tested or research for which results are incomplete.