Abstract
Many network applications depend on the security of the domain name system (DNS). Attacks on DNS can cause denial of service and can cause entity authentication to fail. In our approach, we use formal specifications to characterize DNS clients and DNS name servers, and to define a security goal: a name server should only use DNS data that is consistent with data from name servers that manage the corresponding domains (i.e., authoritative name servers). To enforce the security goal, we formally specify a DNS wrapper that examines the incoming and outgoing DNS messages of a name server to detect messages that could cause violations of the security goal, cooperates with the corresponding authoritative name servers to diagnose those messages, and drops the messages that are identified as threats. Based on the wrapper specification, we implemented a wrapper prototype and evaluated its performance. Our experiments show that the wrapper incurs reasonable overhead and is effective against DNS attacks such as cache poisoning and certain spoofing attacks.
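The following sketch illustrates the security goal stated above. It is an added example, not the paper's specification or prototype: a wrapper checks each record of an incoming response against the authoritative data for the record's zone and drops the message on any inconsistency. The zone tables, addresses, function names and the fail-closed policy are assumptions, and the authoritative query is simulated by a dictionary lookup.

```python
# Constructed data: each zone's authoritative records and server addresses.
AUTHORITATIVE = {
    "example.com.": {("www.example.com.", "A"): {"192.0.2.10"}},
    "example.net.": {("ns1.example.net.", "A"): {"198.51.100.53"}},
}
ZONE_SERVERS = {
    "example.com.": {"192.0.2.53"},
    "example.net.": {"198.51.100.53"},
}

def enclosing_zone(name):
    """Return the longest known zone that contains `name`, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        if zone in AUTHORITATIVE:
            return zone
    return None

def ask_authority(zone, name, rtype):
    """Stand-in for a query to an authoritative server of `zone`."""
    return AUTHORITATIVE[zone].get((name.lower(), rtype), set())

def record_is_consistent(sender, name, rtype, rdata):
    """True if the record agrees with the authoritative data for its zone."""
    zone = enclosing_zone(name)
    if zone is None:
        return False  # assumption of this sketch: fail closed if undiagnosable
    if sender in ZONE_SERVERS[zone]:
        return True   # assumption: sender address is the authority itself
    return rdata in ask_authority(zone, name, rtype)

def inspect_message(sender, records):
    """Return ("forward", []) or ("drop", offending_records) for a response."""
    bad = [r for r in records if not record_is_consistent(sender, *r)]
    return ("drop", bad) if bad else ("forward", [])

# Constructed responses from the example.com server. The second one carries an
# extra record for a name in example.net that contradicts that zone's authority.
ANSWER = ("www.example.com.", "A", "192.0.2.10")
GOOD_EXTRA = ("ns1.example.net.", "A", "198.51.100.53")
BAD_EXTRA = ("ns1.example.net.", "A", "203.0.113.66")

if __name__ == "__main__":
    print(inspect_message("192.0.2.53", [ANSWER, GOOD_EXTRA]))
    print(inspect_message("192.0.2.53", [ANSWER, BAD_EXTRA]))
```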