Lanlan Pan, Xin Zhang, Anlei Hu, Xuebiao Yuchi, Jian Wang
{"title":"缓解DNS查询客户端子网泄漏","authors":"Lanlan Pan, Xin Zhang, Anlei Hu, Xuebiao Yuchi, Jian Wang","doi":"10.1109/PST.2018.8514164","DOIUrl":null,"url":null,"abstract":"Many authoritative servers today return different responses based on the perceived geographical location of the resolvers' IP addresses, to bring the content as close to the users as possible. RFC7871 proposes an EDNS Client Subnet (ECS) extension to carry part of the client's IP address in the DNS packets for authoritative server. Compared with the resolver's IP address in the DNS packets, ECS can help the authoritative server to guess the user's geographical location more precisely. However, ECS raises some privacy concerns since it leaks client's subnet information on the resolution path to the authoritative server. In order to find a right balance between privacy improvement and end-user experience optimization, in this paper we introduce an EDNS ISP Location (EIL) extension to address the client subnet leakage problem of ECS. Note that EIL can reduce the dependence on high quality IP geolocation database, while this is crucial to ensure DNS response's accuracy in ECS.","PeriodicalId":265506,"journal":{"name":"2018 16th Annual Conference on Privacy, Security and Trust (PST)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Mitigating Client Subnet Leakage in DNS Queries\",\"authors\":\"Lanlan Pan, Xin Zhang, Anlei Hu, Xuebiao Yuchi, Jian Wang\",\"doi\":\"10.1109/PST.2018.8514164\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many authoritative servers today return different responses based on the perceived geographical location of the resolvers' IP addresses, to bring the content as close to the users as possible. RFC7871 proposes an EDNS Client Subnet (ECS) extension to carry part of the client's IP address in the DNS packets for authoritative server. Compared with the resolver's IP address in the DNS packets, ECS can help the authoritative server to guess the user's geographical location more precisely. However, ECS raises some privacy concerns since it leaks client's subnet information on the resolution path to the authoritative server. In order to find a right balance between privacy improvement and end-user experience optimization, in this paper we introduce an EDNS ISP Location (EIL) extension to address the client subnet leakage problem of ECS. Note that EIL can reduce the dependence on high quality IP geolocation database, while this is crucial to ensure DNS response's accuracy in ECS.\",\"PeriodicalId\":265506,\"journal\":{\"name\":\"2018 16th Annual Conference on Privacy, Security and Trust (PST)\",\"volume\":\"69 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 16th Annual Conference on Privacy, Security and Trust (PST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PST.2018.8514164\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 16th Annual Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST.2018.8514164","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Many authoritative servers today return different responses based on the perceived geographical location of the resolvers' IP addresses, to bring the content as close to the users as possible. RFC7871 proposes an EDNS Client Subnet (ECS) extension to carry part of the client's IP address in the DNS packets for authoritative server. Compared with the resolver's IP address in the DNS packets, ECS can help the authoritative server to guess the user's geographical location more precisely. However, ECS raises some privacy concerns since it leaks client's subnet information on the resolution path to the authoritative server. In order to find a right balance between privacy improvement and end-user experience optimization, in this paper we introduce an EDNS ISP Location (EIL) extension to address the client subnet leakage problem of ECS. Note that EIL can reduce the dependence on high quality IP geolocation database, while this is crucial to ensure DNS response's accuracy in ECS.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
