This paper describes and analyzes a new mechanism to mitigate flooding Denial of Service (DoS) attacks against the Domain Name System (DNS). This mechanism is based on increasing the Time To Live (TTL) value of end-host IP addresses (DNS A records) when a name server is being overloaded with DoS attack traffic. This mechanism is most suitable for popular name servers providing authoritative DNS...

Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server. Some DNS recursive resolver operators want to prevent snooping of requests sent to DNS root servers by third parties. Such resolvers can greatly decrease the round-trip time and prevent observation of requests by running a copy of the full root zone on a loopback address (such as 127.0.0.1). T...

The domain name system (DNS) is one of the core services in today’s network structures. In local and ad-hoc networks DNS is often enhanced or replaced by mDNS. As of yet, no simulation models for DNS and mDNS have been developed for INET/OMNeT++. We introduce DNS and mDNS simulation models for OMNeT++, which allow researchers to easily prototype and evaluate extensions for these protocols. In a...

This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of new resource records and protocol modifications that add data origin authentication and data integrity to the DNS. This document describes the DNSSEC protocol modifications. This document defines the concept of a signed zone, along with the requireme...

This paper studies the DNS cache effects that occur on query distribution at the CN top-level domain (TLD) server. We first filter out the malformed DNS queries to purify the log data pollution according to six categories. A model for DNS resolution, more specifically DNS caching, is presented. We demonstrate the presence and magnitude of DNS cache effects and the cache sharing effects on the r...

In this thesis I describe my research activities and results of the last 4 years. I also provide an outlook and guidelines on how to proceed with our project, that we named SEDNS SecurityEnhanced Domain Name System. This project’s ambitions are to complement DNS, the Domain Name System, in a way that allows us to keep using it in the future. The main reason for this strategy is, that it has pro...

The hereditary dysplastic nevus syndrome (DNS) is a well-characterized disorder in which affected individuals have increased numbers of premalignant (dysplastic) nevi and a markedly increased risk of developing cutaneous melanoma. Seeking evidence of a systemic disorder in DNS, we examined the effect of ultraviolet radiation on cultured lymphoid cells. Epstein-Barr virus-transformed lymphoblast...

Every DNS security-aware resolver must have at least one Trust Anchor to use as the basis for validating responses from DNS signed zones. For various reasons, most DNS security-aware resolvers are expected to have several Trust Anchors. For some operations, manual monitoring and updating of Trust Anchors may be feasible, but many operations will require automated methods for updating Trust Anch...