加密DNS:好的，坏的和没有意义的

Q1 Social Sciences

Computer Fraud and Security Pub Date : 2022-05-01 DOI:10.12968/s1361-3723(22)70572-6

G. Kambourakis, Georgios Karopoulos

{"title":"加密DNS:好的，坏的和没有意义的","authors":"G. Kambourakis, Georgios Karopoulos","doi":"10.12968/s1361-3723(22)70572-6","DOIUrl":null,"url":null,"abstract":"Every connection to an Internet service requires a Domain Name System (DNS) lookup. Nevertheless, similar to other protocols used since the early days of the Internet, DNS was not designed with trust and security in mind. From a bird's eye view, the DNS threat model boils down to two types of attackers: off-path ones who can transmit packets but cannot observe the traffic, and on-path who sit either between the client and the recursive resolver, or between the recursive resolver and the DNS servers, and can read or modify packets.","PeriodicalId":35636,"journal":{"name":"Computer Fraud and Security","volume":"48 16 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Encrypted DNS: The good, the bad and the moot\",\"authors\":\"G. Kambourakis, Georgios Karopoulos\",\"doi\":\"10.12968/s1361-3723(22)70572-6\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Every connection to an Internet service requires a Domain Name System (DNS) lookup. Nevertheless, similar to other protocols used since the early days of the Internet, DNS was not designed with trust and security in mind. From a bird's eye view, the DNS threat model boils down to two types of attackers: off-path ones who can transmit packets but cannot observe the traffic, and on-path who sit either between the client and the recursive resolver, or between the recursive resolver and the DNS servers, and can read or modify packets.\",\"PeriodicalId\":35636,\"journal\":{\"name\":\"Computer Fraud and Security\",\"volume\":\"48 16 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Fraud and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.12968/s1361-3723(22)70572-6\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Fraud and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12968/s1361-3723(22)70572-6","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Social Sciences","Score":null,"Total":0}

引用次数: 4

摘要

每次连接到互联网服务都需要进行域名系统(DNS)查找。然而，与互联网早期以来使用的其他协议类似，DNS在设计时并没有考虑到信任和安全性。从全局上看，DNS威胁模型可以归结为两种类型的攻击者:off-path攻击者可以传输数据包，但无法观察流量;on-path攻击者位于客户端和递归解析器之间，或者递归解析器和DNS服务器之间，可以读取或修改数据包。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Encrypted DNS: The good, the bad and the moot

Every connection to an Internet service requires a Domain Name System (DNS) lookup. Nevertheless, similar to other protocols used since the early days of the Internet, DNS was not designed with trust and security in mind. From a bird's eye view, the DNS threat model boils down to two types of attackers: off-path ones who can transmit packets but cannot observe the traffic, and on-path who sit either between the client and the recursive resolver, or between the recursive resolver and the DNS servers, and can read or modify packets.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computer Fraud and Security Social Sciences-Law

自引率

0.00%

发文量

期刊介绍： Computer Fraud & Security has grown with the fast-moving information technology industry and has earned a reputation for editorial excellence with IT security practitioners around the world. Every month Computer Fraud & Security enables you to see the threats to your IT systems before they become a problem. It focuses on providing practical, usable information to effectively manage and control computer and information security within commercial organizations.