Enhancement of DNSSec: Including Confidentiality to Name Resolution
Abstract
DNS is one of the pillars of the Internet, and understanding its functioning, performance and efficiency is paramount to building a name-resolution infrastructure that is responsive and resilient. The purpose of this work is to demonstrate that, although DNSSEC adds integrity and reliability to the protocol, that is, assurance that the DNS service that answered the request is a valid DNS service, queries are still sent in plaintext. An attacker can therefore monitor them and gain access to all queries and the metadata inherent to them; in other words, there is no confidentiality. Using protocols that are in development, such as DNSCrypt, DNS over TLS and DNS over HTTPS, we demonstrate the feasibility of using encryption between the DNS client and the recursive server, thus guaranteeing the confidentiality of DNS queries at a slightly longer latency that remains within acceptable limits for practical use by a user.
Keywords
DNS; DNSSEC; DNSCRYPT; DNS over TLS; DNS over HTTPS
DOI: https://doi.org/10.17648/jisc.v7i1.77
This work is licensed under a Creative Commons Attribution 4.0 International License.
This site is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International license.