A Centralized Monitoring Infrastructure for Improving DNS Security
Researchers have recently noted the potential of fast poisoning attacks against DNS servers, which allow attackers to easily manipulate records in open recursive DNS resolvers. A vendor-wide upgrade mitigated but did not eliminate this attack. Further, existing DNS protection systems, including bailiwick checking and IDS-style filtration, do not stop this type of DNS poisoning. The authors therefore propose Anax, a DNS protection system that detects poisoned records in cache. Their system observes changes in cached DNS records and applies machine learning to classify these updates as malicious or benign.