Domain Name System Resolution System with Hyperledger Fabric Blockchain

There is a strong demand for a trusted domain name resolution mechanism because of endless cyber-attacks. However, the existing collaborative Domain Name System (DNS) security schemes have low credibility and an imperfect validating method. Therefore, we propose a multi-DNS resolution model, namely, HFDNS, which can improve the credibility of DNS resolution results by establishing a complete chain of trust by combining an automated DNS system with Hyperledger Fabric Blockchain. Our team developed a DNS recursive server cluster in which nodes jointly resolve domains. Therefore, hackers must compromise nodes simultaneously to poison our DNS system successfully. All verified records are then saved in a secure place, which, in our project, is a Hyperledger Fabric network. Our system can detect and discard malicious DNS packets from this validation scheme. Hyperledger Fabric Blockchain is a carrier of the peer-to-peer network to reduce the impact of illegal access and complicity tampering on the DNS credibility. Hyperledger Fabric Blockchain has four characteristics: permission network, confidential transaction, non-crypto currency, and programmable. Furthermore, the DNS records stored in the Hyperledger network are immutable, thus maintaining their validity. This system is expected to be used by enterprise or service provider networks. The experiment shows that our system can consistently resolve users’ queries within 192 ms for uncached records and 14 ms for cached records. Furthermore, our validation algorithm successfully returned a valid response for 84% of the total queries.