DNS was not designed to be secure. The biggest security hole in DNS is the lack of support for data integrity authentication, source authentication, and authorization. In this paper, a secure DNS scheme based on intrusion tolerance is proposed. This secure DNS is intrusion-tolerant by using Byzantine intrusion tolerant technique and voting mechanism. The scheme provides high integrity, robustness, and availability of service in the presence of arbitrary failures, including failures due to malicious attacks. The proposed scheme consists of 3f+l tightly coupled replicas per name server and guara...