Anycast Domain Name System
Building a Resilient and Scalable Anycast DNS System that can withstand DDoS attacks.
Course: ECS 235A: Computer and Information Security (UC Davis)
Instructor: Prof. Matt Bishop
Team: Muhamamd Hassnain, Zeerak Babar, Hezhi Xie, Erjie Zhang
Quarter: Fall 2023
The Domain Name System (DNS) is a critical component of the Internet. It translates human-readable domain names into IP addresses that computers can understand. However, its centralized nature makes it vulnerable to Denial-of-Service (DoS) attacks, which can disrupt this essential service and cause widespread accessibility issues. This project introduces a novel distributed DNS framework that significantly enhances resilience against DoS attacks. By implementing a primary-secondary server replication strategy coupled with a load balancer, our system is designed to distribute traffic evenly across the network, thereby mitigating the impact of high-volume traffic on a single point of failure.

We evaluated the efficacy of our distributed DNS system by comparing its performance with a traditional single-server DNS setup under a stress test of 50,000 requests in a short time. While the single-server system, running BIND9 with inherent DoS protections, exhibited intermittent downtimes under this load, our distributed model consistently achieved a 100 percent response rate, showcasing its robustness against intense DoS attacks.
For more details, please refer to the final report and presentation slides.