Defense in Depth for DNS

The Domain Name System (DNS) is one of the key components of the Internet and most IP networks, for that matter. Despite its importance, not many people have even heard of DNS, much less know what it is and how to keep it secure. For the sake of the uninitiated, DNS is analogous to a telephone directory for the Internet. DNS translates the server names, that humans are more likely to remember, to IP addresses, which computers use to navigate through the Internet. For instance, it is easy for most people to remember that Example Inc.'s web server is at www.example.com. However, in order for your browser to locate the server, it has to ask a DNS server for the IP address of www.example.com. DNS is the application that saves you the nightmare of remembering all those IP addresses and instead use friendly names like www.example.com. This paper will focus on security for the most widely used DNS server on the Internet, namely the Berkeley Internet Name Domain (BIND).