A CACHE-SPLITTING SCHEME FOR DNS RECURSIVE SERVER
Domain Name System (DNS) cache poisoning is a kind of computer hacking attack, whereby data are introduced into a DNS name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (often controlled by the attacker). In this paper, a novel scheme is proposed in order to make the recursive server more intelligent in handling cache poisoning attacks. Cache-splitting is adopted in the proposed scheme, in which the credible cache is used to maintain the trustworthy answers while the incredible cache is used to temporarily maintain the suspicious responses. After the possible attack disappears, the recursive server will resolve the names contained in the incredible cache once again and cache the new answers into the credible cache as usual. The analysis results show that the recursive server can handle the responses according to the actual conditions and make use of caching to optimize the DNS resolutions at the same time.
DNS Cache poisoning
Zhiwei Yan Anlei Hu Wei Wang
China Internet Network Information Center, Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China
International conference
Hangzhou
English
1725-1729
2012-10-30 (date first made available online on the Wanfang platform; not the paper's publication date)