Enhancement of DNSSec: Including Confidentiality to Name Resolution

Eduardo Takeo Ueda; Marco Tulio Manso Vieira; Adilson Eduardo Guelfi; Anderson Aparecido Alves da Silva; Marcelo Teixeira de Azevedo; Lincoln Marcellos; Sergio Takeo Kofuji

doi:10.17648/jisc.v7i1.77

Article Tools

Print this article

Indexing metadata

How to cite item

Email this article (Login required)

Email the author (Login required)

Font Size

Open Journal Systems

Language

User

Journal Help

About The Authors

Eduardo Takeo Ueda

Marco Tulio Manso Vieira

Adilson Eduardo Guelfi

Anderson Aparecido Alves da Silva

Marcelo Teixeira de Azevedo

Lincoln Marcellos

Sergio Takeo Kofuji

Journal Content
Browse

Notifications

Enhancement of DNSSec: Including Confidentiality to Name Resolution

Eduardo Takeo Ueda, Marco Tulio Manso Vieira, Adilson Eduardo Guelfi, Anderson Aparecido Alves da Silva, Marcelo Teixeira de Azevedo, Lincoln Marcellos, Sergio Takeo Kofuji

Abstract

DNS is one of the pillars of the Internet, understanding of functioning, performance and efficiency is paramount in building a name-resilient infrastructure that is responsive and resilient. The purpose of this work is to demonstrate that although DNSSEC provides integrity and reliability to the protocol, the question of ensuring that the DNS service that responded to the request is a valid DNS service, queries are still performed in plaintext, thus enabling monitoring and consequently access to all queries and metadata inherent to them by an attacker, that is, there is no confidentiality. We will demonstrate using protocols that are in development such as DNSCrypt, DNS over TLS and DNS over HTTPS, the feasibility of using encryption between the DNS client and the recursive server, thus guaranteeing DNS queries with a slightly longer latency, but within acceptable limits for practical use by a user.