The Domain Name System (DNS) is a critical component of the Internet infrastructure. However---as with many components of Internet technology---DNS has numerous vulnerabilities. In particular, shared DNS resolvers are a notorious security weak spot in the system. In this paper we propose an unorthodox approach for tackling both known and unknown vulnerabilities within shared DNS resolvers: removing shared DNS resolvers entirely and pushing their tasks on clients. We show that the two primary costs of this approach---loss of performance and an increase in system load---are modest and therefore conclude that this approach is beneficial for strengthening the overall name resolution process by reducing the attack surface of the DNS.
more here.............http://www.icir.org/mallman/pubs/SAR14/SAR14.pdf
more here.............http://www.icir.org/mallman/pubs/SAR14/SAR14.pdf