DNS Attack Prevention and Defence

Our second strategy is to develop and produce a written plan identifying specific technologies that can be adopted and implemented in all Member States, or individually, to aid in the prevention of, and defence against, malicious, sophisticated attacks on the DNS infrastructure.

Technologies have been developed, or are being tested, that would significantly aid in the prevention of, and defence against, malicious attacks on the DNS and information infrastructure. Anycast is one example: if properly implemented by ccTLD registries, ISPs and DNS providers throughout the Member States, it would provide tremendous assurances against malicious, coordinated attacks. Designed and implemented properly, Anycast can isolate malicious traffic geographically so that it is dealt with at that point, leaving the rest of the worldwide DNS infrastructure unaffected by the attack. Placing name servers that contain a copy of all DNS zone files and data, updated in real time on an ongoing basis, in Internet Exchange Points in each Member State would also provide significant resilience and defences against sophisticated attacks on the information infrastructure.

This approach creates an environment of independence for each Member State since reverse look-ups and other vital functions of the DNS can still occur within that Member State regardless of the availability of international connectivity or the ability to route traffic outside its borders. Such an approach would have prevented the disastrous internal disruptions experienced recently in Egypt, where the information infrastructure throughout the entire nation was rendered inoperable for a period of time, since reverse look-ups and other essential DNS functions could have continued within Egypt regardless of the availability of international connectivity.
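The two properties described above (Anycast confining attack load to the node nearest its source, and in-country name servers continuing to answer when international routes are lost) can be seen in a small model. This is an added example, not part of the Consortium's proposal; the region names, query rates, per-node capacity and routing costs are all constructed assumptions.

```python
"""Toy model of Anycast catchment. All figures are constructed, not measured."""
from collections import defaultdict

REGIONS = ["A", "B", "C"]                         # hypothetical Member States
ATTACK = {"A": 2_000, "B": 3_000, "C": 900_000}   # queries/s; flood originates in C
NORMAL = {"A": 2_000, "B": 3_000, "C": 4_000}     # queries/s with no attack
CAPACITY = 50_000                                 # assumed capacity of one node

# Assumed routing cost from a source region to a node region (lower is preferred).
FULL_MESH = {(s, d): (0 if s == d else 10) for s in REGIONS for d in REGIONS}
# International connectivity lost: only in-country paths remain.
DOMESTIC_ONLY = {(s, d): 0 for s in REGIONS for d in REGIONS if s == d}


def nearest(src, nodes, cost):
    """Node the routing system would pick for src, or None if none is reachable."""
    reachable = [n for n in nodes if cost.get((src, n)) is not None]
    return min(reachable, key=lambda n: cost[(src, n)]) if reachable else None


def served_regions(nodes, cost, load=ATTACK, capacity=CAPACITY):
    """Regions whose queries reach a node that is not pushed over capacity."""
    per_node = defaultdict(int)
    catchment = {}
    for src, qps in load.items():
        node = nearest(src, nodes, cost)
        catchment[src] = node
        if node is not None:
            per_node[node] += qps
    return sorted(s for s, n in catchment.items()
                  if n is not None and per_node[n] <= capacity)


if __name__ == "__main__":
    # One unicast server in A absorbs the whole flood: nobody is served.
    print("unicast, attack:   ", served_regions(["A"], FULL_MESH))
    # A node per region: the flood stays in C's catchment; A and B are unaffected.
    print("anycast, attack:   ", served_regions(REGIONS, FULL_MESH))
    # International links cut: only regions with a local copy keep resolving.
    print("unicast, isolated: ", served_regions(["A"], DOMESTIC_ONLY, NORMAL))
    print("anycast, isolated: ", served_regions(REGIONS, DOMESTIC_ONLY, NORMAL))
```

The model ignores real BGP path selection and caching resolvers; it only shows where load lands and which regions still have a reachable, unsaturated server.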

In sum, the Consortium's proposal will analyse the above-mentioned technologies and designs, as well as others that may bolster the DNS and information infrastructure in each Member State.
