Secure Glue: A Cache and Zone Transfer Considering Automatic Renumbering

2015 
The Domain Name System (DNS) is the most widely used name resolution system for computers and services on the Internet. The number of domain name registrations is reaching 276 million across all top-level domains (TLDs) today, and the DNS query count is increasing year over year. The main reason for the high DNS query count is the increase in out-of-bailiwick domain name delegation, since such a delegation (an NS record without a glue A record) makes the client send extra DNS queries for the glue A record. In addition, the master/slave model is not compatible with address renumbering in DNS, since the slave identifies the master by its IP address. It is therefore necessary to redesign the current DNS protocol with both lower name resolution latency and better automatic convergence after address renumbering in mind, for an effective and sustained name resolution service. In this paper, we propose two mechanisms: one is secure glue A caching and update, which reduces name resolution latency by cutting the DNS query count with low security risk; the other is automatic zone transfer, which automatically recovers the DNS based on the FQDN (Fully Qualified Domain Name) after address renumbering. We successfully implemented a prototype on Linux as an extension of BIND (Berkeley Internet Name Domain). The evaluation results confirmed an approximately 25% reduction in the DNS query count and successful automatic DNS recovery after address renumbering.