WSEC DNS is a novel query algorithm devised to protect recursive DNS (RDNS) resolvers from cache poisoning attacks, including Kaminsky's attack.
- R. Perdisci, M. Antonakakis, X. Luo, W. Lee. "WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks." DSN-DCCS 2009.
- R. Perdisci, M. Antonakakis, X. Luo, W. Lee. "WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks (extended)", Technical Report, November 2008, Updated on June 5, 2009 (Note: This is an extended version of a paper to appear at DSN-DCCS'09). [pdf].
- Implementation of WSEC DNS based on PowerDNS v3.1.7 [download]
- NOTE: our implementation of WSEC DNS is only a proof-of-concept. The secure cache update policies for root and TLD name servers are not implemented (see Section 3.5 of our DSN-DCCS paper). Also, not all the policies for handling configuration corner cases are implemented.