Protecting DNS From Routing Attacks: A Comparison of Two Alternative Anycast Implementations

Download Now Free registration required

Executive Summary

DNS is a critical piece of the Internet supporting the majority of Internet applications. Because it is organized in a hierarchy, its correct operation is dependent on the availability of a small number of servers at the upper levels of the hierarchy. These backbone servers are vulnerable to routing attacks in which adversaries controlling part of the routing system try to hijack the server address space. Using routing attacks in this way, an adversary can compromise the Internet's availability and integrity at a global scale. This paper evaluates the relative resilience to routing attacks of two alternative anycast implementations of DNS, the first operating at the network layer and the second operating at the application layer.

  • Format: PDF
  • Size: 107.5 KB