Domain Name Server (DNS) Protection Techniques
Agency / Branch:
DOD / ARMY
The Domain Name System (DNS) is a critical part of the internet infrastructure. It is a distributed data base that maps domain names (URL) on to their respective IP Address. DNS was designed for a trusted environment. Todayf?Ts malicious activity has reduced the trustworthiness of the DNS mapping. DNSSEC has been proposed as a secure alternative, but is not suited for all environments. For example, in the tactical environment DNSSEC implementations are particularly challenging. In this proposal we seek to evaluate and prototype a new DNS server f?" such server should have security close to DNSSEC and operational convenience similar to current DNS servers. Our research in Self Cleansing Intrusion Tolerance (SCIT) technology has yielded an Authoritative DNS server which meets this challenge, by resetting the server every minute or so. In this project we will evaluate alternate approaches and formulate an appropriate strategy for DNS servers that meet the above conditions for new DNS server. We will explore the authoritative and recursive DNS servers that are suitable for the Armyf?Ts environment. Although, we are motivated by SCIT in this project we will explore alternate approaches and formulate the best approach to meet the security and operational requirements.
Small Business Information at Submission:
SCIT Labs Inc
13834 Springstone Dr Clifton, VA 20124
Number of Employees: