
Conclusion


We show that by using peer agreement and storing some past history, our new cooperative resolver, ConfiDNS, can provide better security than both traditional DNS resolvers and the previous cooperative approaches for the vast majority of domain names. This study also provides us with information on the real usage of DNS mappings across a variety of domains, ranging from small, singly-hosted sites to sophisticated replicated data centers with DNS redirection, and finally to commercial third-party content distribution networks. In all cases, we find that it is possible to leverage scale, history, or both, and provide a much more secure result than local DNS alone. All of these benefits are obtained without changing any server-side DNS infrastructure, which makes ConfiDNS incrementally deployable: it requires only a minimal agent running on either client machines or client-side resolvers.




L. Poole
2006-09-08