Encrypted DNS: The good, the bad and the moot

Q1 Social Sciences

Computer Fraud and Security Pub Date : 2022-05-01 DOI:10.12968/s1361-3723(22)70572-6

G. Kambourakis, Georgios Karopoulos

引用次数: 4

Abstract

Every connection to an Internet service requires a Domain Name System (DNS) lookup. Nevertheless, similar to other protocols used since the early days of the Internet, DNS was not designed with trust and security in mind. From a bird's eye view, the DNS threat model boils down to two types of attackers: off-path ones who can transmit packets but cannot observe the traffic, and on-path who sit either between the client and the recursive resolver, or between the recursive resolver and the DNS servers, and can read or modify packets.

查看原文本刊更多论文

加密DNS:好的，坏的和没有意义的

每次连接到互联网服务都需要进行域名系统(DNS)查找。然而，与互联网早期以来使用的其他协议类似，DNS在设计时并没有考虑到信任和安全性。从全局上看，DNS威胁模型可以归结为两种类型的攻击者:off-path攻击者可以传输数据包，但无法观察流量;on-path攻击者位于客户端和递归解析器之间，或者递归解析器和DNS服务器之间，可以读取或修改数据包。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Fraud and Security Social Sciences-Law

自引率

0.00%

发文量

期刊介绍： Computer Fraud & Security has grown with the fast-moving information technology industry and has earned a reputation for editorial excellence with IT security practitioners around the world. Every month Computer Fraud & Security enables you to see the threats to your IT systems before they become a problem. It focuses on providing practical, usable information to effectively manage and control computer and information security within commercial organizations.