Design and implementation of an SDN-enabled DNS security framework

摘要

The Domain Name System (DNS) is suffering from the vulnerabilities exploited to launch the cache poisoning attack. Inspired by biodiversity, we design and implement a non-intrusive and tolerant secure architecture Multi-DNS (MDNS) to deal with it. MDNS consists of Scheduling Proxy and DNS server pool with heterogeneous DNSs in it. And the Scheduling Proxy dynamically schedules in DNSs to provide service in parallel and adopts the vote results from majority of DNSs to decide valid replies. And benefit from the centralized control of software defined networking (SDN), we implement a proof of concept for it. Evaluation results prove the validity and availability of MDNS and its intrusion/fault tolerance, while the average delay can be controlled in 0.3s.