Alternate Architecture for Domain Name System to foil Distributed Denial of Service Attack

Abstract: The Domain Name System (DNS) is an important part of the Internet infrastructure and maps symbolic domain names to IP addresses. The DNS is a hierarchically arranged distributed database. At the top of the hierarchy is the root. The root is a single point of failure in the DNS architecture. It has been subject to a variety of Denial of Service (DoS) attacks. Eliminating the root from this architecture eliminates the single point of failure. This involves storing the addresses of the top-level domain servers at the name servers, so that they can be reached without going through the root. In this paper we propose two architectures, both capable of foiling the DoS attack. The architectures differ in the capabilities of the clients and servers, and provide different cost-benefit tradeoffs. It has been found that a scheme that avoids a root server for name resolution and includes caching capabilities at the client itself reduces bandwidth requirements and improves response times and resilience to DoS attacks.
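The idea in the abstract can be seen in a small simulation. This is an added example, not code from the paper, and it does not reproduce either of the paper's two architectures: the toy hierarchy, addresses, `LOCAL_TLD_TABLE` and `resolve` are all constructed for illustration. It compares conventional iterative resolution with resolution from a locally stored TLD server table, plus an optional client-side cache, while the root is unreachable.

```python
# Toy hierarchy for illustration only: all names, addresses and records are constructed.
ROOT = "198.51.100.1"
SERVERS = {
    ROOT: {"com": "192.0.2.10", "org": "192.0.2.20"},      # root: referrals to TLD servers
    "192.0.2.10": {"example.com": "192.0.2.11"},           # com TLD: referral to zone server
    "192.0.2.20": {"example.org": "192.0.2.21"},           # org TLD
    "192.0.2.11": {"www.example.com": "203.0.113.5"},      # authoritative answers
    "192.0.2.21": {"www.example.org": "203.0.113.6"},
}
# Assumption: the name server holds its own copy of the TLD server addresses.
LOCAL_TLD_TABLE = dict(SERVERS[ROOT])


class Unreachable(Exception):
    """Raised when a queried server is down (e.g. saturated by a DoS attack)."""


def resolve(name, down=frozenset(), tld_table=None, cache=None, stats=None):
    """Iteratively resolve `name` and return its address.

    tld_table: locally stored TLD server addresses (the root is never contacted).
    cache:     optional client-side dict of previous answers.
    stats:     optional dict; stats["queries"] counts network queries sent.
    """
    stats = {} if stats is None else stats
    stats.setdefault("queries", 0)
    if cache is not None and name in cache:
        return cache[name]                      # answered locally, no traffic

    def ask(server, key):
        stats["queries"] += 1
        if server in down:
            raise Unreachable(server)
        return SERVERS[server][key]

    labels = name.split(".")
    tld, zone = labels[-1], ".".join(labels[-2:])
    tld_server = tld_table[tld] if tld_table is not None else ask(ROOT, tld)
    addr = ask(ask(tld_server, zone), name)     # TLD referral, then authoritative answer
    if cache is not None:
        cache[name] = addr
    return addr


if __name__ == "__main__":
    s = {}
    print(resolve("www.example.com", {ROOT}, LOCAL_TLD_TABLE, {}, s), s)
```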