Active-Active DNS Architectures: Building Resilient Global-Scale Name Resolution Systems
DOI:
https://doi.org/10.22399/ijcesen.4099Keywords:
Active-Active Architecture, DNS Resilience, Multi-Plane Design, DDoS Mitigation, Global SynchronizationAbstract
Active-active DNS architectures are a paradigm shift in terms of the construction of resilient name resolution infrastructure that can satisfy the current needs of the Internet. Classical active/ passive type of failure mode illustrates striking weaknesses when faced with the current demands of uninterrupted availability, extreme latency, and defense against advanced attacks. The architectural development of simultaneous multi-plane operations gets rid of single failure points with systematically redundant heterogeneous technology stacks. These deployments utilize decentralized concepts, spreading zone data across stand-alone resolver planes that preserve self-operation capabilities while synchronizing over high-speed replication pipelines. Defense-in-depth techniques utilize more than one filtering layer, ranging from network-edge volumetric defense to application-layer anomaly detection, building robust protections against dynamic threat environments. Data synchronization technologies find consistency requirements and performance demands in balance through event-driven designs and cryptographic authentication protocols. Operational excellence is realized through ongoing optimization, with chaos engineering techniques confirming resilience hypotheses and remediation automation systems ensuring service continuity. The interaction of these architectural aspects allows DNS infrastructures to meet nearly perfect availability objectives while handling hundreds of billions of queries per day across distributed networks worldwide.
References
[1] Kamil Jerabek et al., "Comparative analysis of DNS over HTTPS detectors", ScienceDirect, 2024. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1389128624002846
[2] Chandrapal Singh and Ankit Kumar Jain, "A comprehensive survey on DDoS attacks detection & mitigation in SDN-IoT network", ScienceDirect, 2024. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S2772671124001256
[3] Guang Yang, "Development and Application of a Decentralized Domain Name Service", arXiv, 2024. [Online]. Available: https://arxiv.org/pdf/2412.01959
[4] Tomas Hernandez-Quintanilla et al., "On the reduction of authoritative DNS cache timeouts: Detection and implications for user privacy", ScienceDirect, 2021. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1084804520303994
[5] Anshuman Singh and Brij B. Gupta, "Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms: Issues, Challenges, and Future Research Directions", ResearchGate, 2022. [Online]. Available: https://www.researchgate.net/publication/363114413_Distributed_Denial-of-Service_DDoS_Attacks_and_Defense_Mechanisms_in_Various_Web-Enabled_Computing_Platforms_Issues_Challenges_and_Future_Research_Directions
[6] Xiulin Yang, "Research on Network Security Attack Defense Mechanism and Its Development Trend", ResearchGate, July 2025. [Online]. Available: https://www.researchgate.net/publication/394866264_Research_on_Network_Security_Attack_Defense_Mechanism_and_Its_Development_Trend
[7] Jingfu LI, "A QoS-aware Mechanism for Reducing TCP Retransmission Timeouts using Network Tomography", ResearchGate, 2023. [Online]. Available: https://www.researchgate.net/publication/374485134_A_QoS-aware_Mechanism_for_Reducing_TCP_Retransmission_Timeouts_using_Network_Tomography
[8] Mariusz Kamola, "Internet of Things with Lightweight Identities Implemented Using DNS DANE—Architecture Proposal", MDPI, 2018. [Online]. Available: https://www.mdpi.com/1424-8220/18/8/2517?type=check_update&version=1
[9] Zahian Ismail et al., "A Framework for Detecting Botnet Command and Control Communication over an Encrypted Channel", ResearchGate, 2020. [Online]. Available: https://www.researchgate.net/publication/339026794_A_Framework_for_Detecting_Botnet_Command_and_Control_Communication_over_an_Encrypted_Channel
[10] Synthia Wang et al., "Measuring the Consolidation of DNS and Web Hosting Providers", arXiv, 2024. [Online]. Available: https://arxiv.org/html/2110.15345v2
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 International Journal of Computational and Experimental Science and Engineering
This work is licensed under a Creative Commons Attribution 4.0 International License.
