The domain name system (DNS) is an essential Internet service that maps domain names to IP addresses, and is one of the Internet's most important addressing services. It is an open, interconnected platform and an important portal for Internet access. Domain name privacy protection has been one of the hot issues in DNS security in recent years. The DNS data encryption algorithm (DNSDEA) is proposed to encrypt DNS queries and responses between the client and the DNS server over the user datagram protocol (UDP) in order to protect user privacy. The algorithm solves the problem of domain name privacy protection, is compatible with the traditional DNS system, and maintains the simple and efficient technical characteristics of DNS. Compared with current encryption methods, this approach could increase the granularity of the DNS lookup parallel algorithm, reduce latency and improve concurrent DNS queries. Finally, at the technical level, some reference suggestions are offered for subsequent research on communication encryption applications and on DNS secure resolution performance.
ZHANG Haikuo, LU Zhonghua, CHEN Wenyu, CHEN Liandong, ZUO Peng, WANG Jue, XU Yanzhi. DNS communication protocol with consideration of networking privacy[J]. Science & Technology Review, 2019, 37(8): 97-103.
DOI: 10.3981/j.issn.1000-7857.2019.08.011