ABSTRACT:

The Domain Name System (DNS), one of the modern-day Internet foundations, primarily translates domain names into IP addresses enabling easy access to online services. DNS name resolution seems simple at a high level but has evolved into a complex and intricate protocol over time. Errors in either DNS configurations or DNS implementations have far-reaching disruptive consequences. This is evident from past DNS issues that have rendered popular services such as GitHub, Twitter, HBO, LinkedIn, Yelp, and Azure inaccessible for extended periods. In this talk, I will describe our work towards making the DNS as robust as possible via formal methods. First, I will present GRoot, a new verification tool that performs exhaustive and proactive static analysis of DNS configuration files (zone files) to guarantee key correctness properties. We applied GRoot to the configuration files we obtained from a large campus network with over a hundred thousand records, and it revealed 109 new bugs and completed in under 10 seconds. Then, in the second part of the talk, I will describe a novel approach, called SCALE, for finding RFC compliance errors in DNS nameserver implementations via automatic test generation. I will talk about our experience building a tool called Ferret based on this approach. Using Ferret, we identified 30 new bugs in 8 popular open-source DNS implementations such as BIND, PowerDNS, KNOT, and NSD, including 3 previously unknown critical security vulnerabilities.

BIP:

Siva Kakarla is a Ph.D. candidate in the Computer Science department at UCLA, advised by Prof. Todd Millstein and Prof. George Varghese. His research interests lie at the intersection of networks and programming languages. Siva won the best student paper award at SIGCOMM 2020 and was a Facebook 2021 Ph.D. fellowship finalist. Siva is also a recipient of the UCLA Graduate Dean’s Scholar Award and UCLA Dissertation-Year Fellowship. During his Ph.D., he interned and used his research tools with the three major cloud providers, Microsoft, Google, and Amazon. More details can be found at https://www.sivak.dev/.

Hosted by Professor Todd Millstein