We describe the development of IRONSIDES, an implementation of DNS that is provably invulnerable to remote code execution exploits and single-packet denial of service attacks. Our experimental results show it to be over three times as fast as BIND, the most common implementation of DNS.