Volume 10 - Issue 2
DCG: A Client-side Protection Method for DNS Cache
- Yan Zhao
Guangzhou University, Guangzhou, 510006 China
2111906107@e.gzhu.edu.cn
- Ning Hu
Guangzhou University, Guangzhou, 510006 China
huning@e.gzhu.edu.cn
- Chi Zhang
Guangzhou University, Guangzhou, 510006 China
2111906100@e.gzhu.edu.cn
- Xinda Cheng
Guangzhou University, Guangzhou, 510006 China
2111906003@e.gzhu.edu.cn
Keywords: DNS Security, DNS spoofing, Cache Verification
Abstract
The domain name system provides resolution services between domain names and IP addresses for internet
applications and is the backbone of the modern internet. Because the security of the domain name
system is critical to the internet, a large number of solutions have emerged. Unfortunately, most of
this work focuses on server-side protection, and few solutions address client protection. Because
server-side solutions cannot guarantee that the client uses a trusted domain name, this paper proposes
a client-side protection method for the domain name system cache. Our solution monitors the
local domain name system cache in real time and asynchronously verifies the authenticity of each
name resolution result through a trusted third party. Experimental results show that our method can
resist domain name poisoning attacks against clients. Our solution is also fully compatible with the
existing domain name system and has good incremental deployment capabilities.