Encrypted DNS: The good, the bad and the moot

Q1 Social Sciences Computer Fraud and Security Pub Date : 2022-05-01 DOI:10.12968/s1361-3723(22)70572-6

G. Kambourakis, Georgios Karopoulos

引用次数: 4

Abstract

Every connection to an Internet service requires a Domain Name System (DNS) lookup. Nevertheless, similar to other protocols used since the early days of the Internet, DNS was not designed with trust and security in mind. From a bird's eye view, the DNS threat model boils down to two types of attackers: off-path ones who can transmit packets but cannot observe the traffic, and on-path who sit either between the client and the recursive resolver, or between the recursive resolver and the DNS servers, and can read or modify packets.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

加密DNS:好的，坏的和没有意义的

每次连接到互联网服务都需要进行域名系统(DNS)查找。然而，与互联网早期以来使用的其他协议类似，DNS在设计时并没有考虑到信任和安全性。从全局上看，DNS威胁模型可以归结为两种类型的攻击者:off-path攻击者可以传输数据包，但无法观察流量;on-path攻击者位于客户端和递归解析器之间，或者递归解析器和DNS服务器之间，可以读取或修改数据包。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Computer Fraud and Security Social Sciences-Law

自引率

0.00%

发文量

期刊介绍： Computer Fraud & Security has grown with the fast-moving information technology industry and has earned a reputation for editorial excellence with IT security practitioners around the world. Every month Computer Fraud & Security enables you to see the threats to your IT systems before they become a problem. It focuses on providing practical, usable information to effectively manage and control computer and information security within commercial organizations.

期刊最新文献

The challenges of data sovereignty Assessing cyber security coverage in non-computing disciplines Incident response: are alert levels now unmanageable? Six steps to dealing with a ransomware attack Improving national security through accountability