Enhancement of DNSSec: Including Confidentiality to Name Resolution

Eduardo Takeo Ueda, Marco Tulio Manso Vieira, Adilson Eduardo Guelfi, Anderson Aparecido Alves da Silva, Marcelo Teixeira de Azevedo, Lincoln Marcellos, Sergio Takeo Kofuji

Abstract


DNS is one of the pillars of the Internet; understanding its functioning, performance and efficiency is paramount in building a name-resolution infrastructure that is responsive and resilient. The purpose of this work is to demonstrate that although DNSSEC provides integrity and reliability to the protocol, that is, it ensures that the DNS service that responded to the request is a valid DNS service, queries are still performed in plaintext. This enables monitoring and consequently gives an attacker access to all queries and the metadata inherent to them; in other words, there is no confidentiality. Using protocols that are in development, such as DNSCrypt, DNS over TLS and DNS over HTTPS, we demonstrate the feasibility of using encryption between the DNS client and the recursive server, thus guaranteeing confidential DNS queries with a slightly longer latency, but within acceptable limits for practical use by a user.

Keywords


DNS; DNSSEC; DNSCRYPT; DNS over TLS; DNS over HTTPS



DOI: https://doi.org/10.17648/jisc.v7i1.77



Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
