  • Li Baiyang, Zhu Yujia, Liu Qingyun, Sun Yong, Zhang Yuedong, Guo Li. Encrypted DNS: Protocol, Research Status and Future Prospects[J]. Journal of Cyber Security, accepted.
Encrypted DNS: Protocol, Research Status and Future Prospects
Li Baiyang1, Zhu Yujia1, Liu Qingyun1, Sun Yong1, Zhang Yuedong2, Guo Li1
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. CNCERT/CC)
The Domain Name System (DNS), which provides a user-friendly name associated with an Internet resource, is one of the most important infrastructure components of the Internet. Almost every activity on the Internet starts with a DNS query. Although DNS is so critical, it cannot guarantee transmission security or user privacy because of inherent vulnerabilities in the protocol. Encrypted DNS, which protects user privacy by encrypting DNS data, has developed rapidly in recent years and attracted extensive attention. Using encrypted DNS instead of plaintext DNS on the client side has become a noticeable trend. Encrypted DNS is gradually changing the DNS ecosystem, and analyzing its impact on that ecosystem is necessary and important. To fully understand the development of encrypted DNS and its impact on the DNS ecosystem, we conduct a survey on the status of encrypted DNS, concentrating on hot topics. In this paper, we first introduce the protocol implementations of encrypted DNS and summarize the state of development of each protocol in detail. The five current major protocols, DNSCrypt, DNS-over-TLS (DoT), DNS-over-DTLS (DoD), DNS-over-QUIC (DoQ) and DNS-over-HTTPS (DoH), attract the most attention. We compare these protocols in terms of design, usability and maturity. Then, we analyze the focused research areas of encrypted DNS in depth. The current research on encrypted DNS can be grouped into four areas: adoption, performance, security and the impact on other Internet applications or services. We summarize the research progress in each area, which demonstrates the availability of encrypted DNS. Finally, based on the current work, we discuss future trends and outline important open issues of encrypted DNS from the perspective of system optimization. We propose feasible future directions: performance improvement, security enhancement, selection mechanisms and service management. These proposals could help provide a reference for further research.
Key words: DNS security; encrypted DNS; network measurement; protocol