Federated DNS Security with Trust-Weighted Consensus and LLM-Driven Threat Detection
Abstract
Although the Domain Name System (DNS) is an essential part of the Internet infrastructure, it is also a flawed and fragile system. Although DNSSEC and encrypted transport protocols have been deployed, modern DNS security still rests on hierarchical trust systems and centralised resolvers, which hinders transparency, adaptability and real-time detection of anomalies. This paper presents a new architecture, Federated DNS Security (F-DNS), which is decentralized, trust-based and semantically enriched, and which delivers verifiable consensus between distributed resolvers. F-DNS consists of three synergistic layers: (i) a federated consensus mechanism weighted by trust, designed to promote adaptive reliability and avoid a single point of authority; (ii) a permissioned blockchain ledger in which all decisions and trust updates are recorded, ensuring immutable auditability; and (iii) a large-language-model (LLM) based on-alert semantic detector, which is activated only in case of consensus ambiguity, thus maintaining real-time performance. Empirical testing on combined real-world data sets (CAIDA DNS traces, HYDRA DGA, CIC-Bell DNS tunnels and Spamhaus DBL) shows that F-DNS achieves an F1 score of 0.93 and a mean latency of 10.9 ms. These results provide a Pareto-optimal tradeoff between detection accuracy, transparency and efficiency. The findings indicate that decentralized trust diffusion, selective semantic reasoning and blockchain auditability can coexist in a single architecture, creating a basis for responsible and intelligible DNS intelligence.