A proposal of DoH-based domain name resolution architecture including authoritative DNS servers
Authors: Satoru Sunahara, Yong Jin, K. Iida
Venue: 2022 32nd International Telecommunication Networks and Applications Conference (ITNAC)
Published: 2022-11-30
DOI: 10.1109/ITNAC55475.2022.9998349 (https://doi.org/10.1109/ITNAC55475.2022.9998349)
In addition to cache poisoning attacks, privacy leakage has become a critical issue in DNS. In particular, the communication between a DNS full-service resolver and the authoritative DNS servers may traverse multiple ISP networks, so if the path crosses areas with different privacy policies, the security and privacy of DNS name resolution cannot be guaranteed. To mitigate cache poisoning attacks and protect the privacy of Internet users, we propose a novel architecture that encrypts all DNS communication with DoH. In the proposed architecture, DoH covers not only the communication between end clients and DNS full-service resolvers but also that between the full-service resolvers and the authoritative DNS servers. As a result, the risk of cache poisoning attacks on the full-service resolver can be dramatically mitigated, and the risk of eavesdropping on DNS traffic reduced. Moreover, the proposed architecture is the first approach to pure DoH-based domain name resolution that includes the authoritative DNS servers.
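Both hops of the proposed architecture (client to resolver, resolver to authoritative) carry ordinary DNS wire-format messages inside HTTPS as defined by RFC 8484. The following is an added example, not code from the paper: it builds a query, encodes it as a DoH GET URL (base64url, no padding, in the dns= parameter), and parses a constructed response while applying the transaction-ID and question-echo checks a resolver performs before accepting an answer. Over plain UDP those checks are all that stands between a resolver and a spoofed reply; under DoH the TLS-authenticated channel is what makes forging such a reply impractical. The endpoint URL, the hostname and the response bytes are assumptions constructed for the example.

```python
# Added example (not the authors' code): RFC 8484 DoH framing of DNS messages.
import base64
import struct

DOH_ENDPOINT = "https://resolver.example/dns-query"  # assumed placeholder
TYPE_A, CLASS_IN = 1, 1

def encode_name(name: str) -> bytes:
    """Wire-format labels: length-prefixed, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: int = TYPE_A, dns_id: int = 0) -> bytes:
    # RFC 8484 section 4.1: ID 0 keeps GET requests HTTP-cache friendly.
    # Flags 0x0100 = RD (recursion desired); one question, no other sections.
    header = struct.pack("!HHHHHH", dns_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def doh_get_url(query: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """Client side: base64url without '=' padding in the dns= parameter."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def doh_get_param_to_query(url: str) -> bytes:
    """Server side: recover the wire message from the dns= parameter."""
    b64 = url.split("dns=", 1)[1].split("&", 1)[0]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

def read_name(msg: bytes, off: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if end is None:
                end = off + 2
            jumps += 1
            if jumps > 16:
                raise ValueError("pointer loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)

def parse_response(msg: bytes, query: bytes) -> dict:
    """Validate a response against the query it answers, then extract RRs."""
    dns_id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if dns_id != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000 or qd != 1:
        raise ValueError("not a single-question response")
    qname, off = read_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    exp_name, qoff = read_name(query, 12)
    if (qname, qtype, qclass) != (exp_name,) + struct.unpack("!HH", query[qoff:qoff + 4]):
        raise ValueError("question section does not echo the query")
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)   # dotted-quad for A records
        answers.append((name, rtype, ttl, rdata))
    return {"rcode": flags & 0xF, "answers": answers}

def build_sample_response(query: bytes) -> bytes:
    """Constructed answer for the example: one A record 192.0.2.10, TTL 300,
    with the owner name given as a pointer to the question name at offset 12."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, 10])
    return header + query[12:] + rr

if __name__ == "__main__":
    q = build_query("www.example.")
    print(doh_get_url(q))
    print(parse_response(build_sample_response(q), q))
```

The POST form of the same request simply sends the bytes from build_query as the body with Content-Type application/dns-message; on the resolver-to-authoritative hop the same framing applies, with the resolver acting as the HTTPS client and the authoritative server terminating TLS.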