Protecting BGP Routes to Top Level DNS Servers

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Lan Wang Articles by Xiaoliang Zhao Articles by Dan Pei Articles by Randy Bush Articles by Daniel Massey Articles by Allison Mankin Articles by S. Felix Wu Articles by Lixia Zhang

23rd IEEE International Conference on Distributed Computing Systems (ICDCS'03)

Providence, Rhode Island

May 19-May 22

ISBN: 0-7695-1920-2

	ASCII Text	x
	Lan Wang, Xiaoliang Zhao, Dan Pei, Randy Bush, Daniel Massey, Allison Mankin, S. Felix Wu, Lixia Zhang, "Protecting BGP Routes to Top Level DNS Servers," Distributed Computing Systems, International Conference on, pp. 322, 23rd IEEE International Conference on Distributed Computing Systems (ICDCS'03), 2003.

	BibTex	x
	@article{ 10.1109/ICDCS.2003.1203481, author = {Lan Wang and Xiaoliang Zhao and Dan Pei and Randy Bush and Daniel Massey and Allison Mankin and S. Felix Wu and Lixia Zhang}, title = {Protecting BGP Routes to Top Level DNS Servers}, journal ={Distributed Computing Systems, International Conference on}, volume = {0}, year = {2003}, issn = {1063-6927}, pages = {322}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDCS.2003.1203481}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Distributed Computing Systems, International Conference on TI - Protecting BGP Routes to Top Level DNS Servers SN - 1063-6927 SP EP A1 - Lan Wang, A1 - Xiaoliang Zhao, A1 - Dan Pei, A1 - Randy Bush, A1 - Daniel Massey, A1 - Allison Mankin, A1 - S. Felix Wu, A1 - Lixia Zhang, PY - 2003 KW - fault-tolerance KW - DNS infrastructure protection KW - route hijacking KW - BGP path filtering VL - 0 JA - Distributed Computing Systems, International Conference on ER -

Lan Wang, UCLA

Xiaoliang Zhao, USC/ISI

Dan Pei, UCLA

Randy Bush, IIJ

Daniel Massey, USC/ISI

Allison Mankin, Bell Labs

S. Felix Wu, UC Davis

Lixia Zhang, UCLA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCS.2003.1203481

The Domain Name System (DNS) is an essential part of the Internet infrastructure and provides fundamental services, such as translating host names into IP addresses for Internet communication. The DNS is vulnerable to a number of potential faults and attacks. In particular, false routing announcements can deny access to the DNS service or redirect DNS queries to a malicious impostor. Due to the hierarchical DNS design, a single fault or attack against the routes to any of the top level DNS servers can disrupt Internet services to millions of users. In this paper we propose a path-filtering approach to protect the routes to the critical top level DNS servers. Our approach exploits the high degree of redundancy in top level DNS servers and also exploits the observation that popular destinations, including top level DNS servers, are well connected via stable routes. Our path-filter restricts the potential top level DNS server route changes to be within a set of established paths. Heuristics derived from routing operations are used to adjust the potential routes over time. We tested our path-filtering design against BGP routing logs and the results show that the design can effectively ensure correct routes to top level DNS servers without impacting DNS service availability.

Index Terms:

fault-tolerance, DNS infrastructure protection, route hijacking, BGP path filtering

Citation:

Lan Wang, Xiaoliang Zhao, Dan Pei, Randy Bush, Daniel Massey, Allison Mankin, S. Felix Wu, Lixia Zhang, "Protecting BGP Routes to Top Level DNS Servers," icdcs, pp.322, 23rd IEEE International Conference on Distributed Computing Systems (ICDCS'03), 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.