Table of Content

Open Access iconOpen Access

ARTICLE

crossmark

Blockzone: A Decentralized and Trustworthy Data Plane for DNS

Ning Hu1, Shi Yin1, Shen Su1, *, Xudong Jia1, Qiao Xiang2, Hao Liu3

1 Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China.
2 Department of Computer Science, Yale University, New Haven, 06520-8241, USA.
3 Qianxin Technology Group Co., Ltd., Beijing, China.

* Corresponding Author: Shen Su. Email: email.

Computers, Materials & Continua 2020, 65(2), 1531-1557. https://doi.org/10.32604/cmc.2020.010949

Abstract

The domain name system (DNS) provides a mapping service between memorable names and numerical internet protocol addresses, and it is a critical infrastructure of the Internet. The authenticity of DNS resolution results is crucial for ensuring the accessibility of Internet services. Hundreds of supplementary specifications of protocols have been proposed to compensate for the security flaws of DNS. However, DNS security incidents still occur frequently. Although DNS is a distributed system, for a specified domain name, only authorized authoritative servers can resolve it. Other servers must obtain the resolution result through a recursive or iterative resolving procedure, which renders DNS vulnerable to various attacks, such as DNS cache poisoning and distributed denial of service (DDoS) attacks. This paper proposes a novel decentralized architecture for a DNS data plane, which is called Blockzone. First, Blockzone utilizes novel mechanisms, which include on-chain authorization and off-chain storage, to implement a decentralized and trustworthy DNS data plane. Second, in contrast to the hierarchical authentication and recursive query of traditional DNS, Blockzone implements a decentralized operation model. This model significantly increases the efficiency of domain name resolution and verification and enhances the security of DNS against DDoS and cache poisoning attacks. In addition, Blockzone is fully compatible with the traditional DNS implementation and can be incrementally deployed as a plug-in service of DNS without changing the DNS protocol or system architecture. The Blockzone scheme can also be generalized to address security issues in other areas, such as the Internet of things and edge computing.

Keywords


Cite This Article

N. Hu, S. Yin, S. Su, X. Jia, Q. Xiang et al., "Blockzone: a decentralized and trustworthy data plane for dns," Computers, Materials & Continua, vol. 65, no.2, pp. 1531–1557, 2020.



cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 2426

    View

  • 1423

    Download

  • 0

    Like

Related articles

Share Link