Measurement and evaluation for privacy benefits of deploying encrypted DNS protocol between recursive and authoritative servers

The encrypted DNS protocol was originally designed to protect DNS communication privacy between users and recursive resolvers (user-recursive side). Currently, encrypted DNS communication has been widely deployed. However, DNS communications between recursive resolvers and authoritative servers (rec...

Bibliographic Details
Main Authors: DUAN Liying, LI Ruixuan, LIU Ximeng, SHAO Jun, LIU Baojun
Format: Article
Language: English
Published: POSTS&TELECOM PRESS Co., LTD 2024-10-01
Series: 网络与信息安全学报
Subjects: domain name system, encrypted DNS, privacy protection, internet measurement
Online Access: http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024067
collection DOAJ
description The encrypted DNS protocol was originally designed to protect DNS communication privacy between users and recursive resolvers (user-recursive side). Currently, encrypted DNS communication has been widely deployed. However, DNS communications between recursive resolvers and authoritative servers (recursive-authoritative side) still faced significant privacy threats. To address this issue, the Internet Engineering Task Force (IETF) officially released RFC 9539 in February 2024, which utilized the encrypted DNS protocol to protect DNS communication privacy on the recursive-authoritative side. Focusing on the privacy benefits of deploying the encrypted DNS protocol on the recursive-authoritative side, a method to evaluate the privacy benefits of domain names was proposed. The method defined three levels of privacy benefits by analyzing the number of domain names hosted by authoritative servers of the target domain name. Combined with the zone files of 1058 top-level domains, the privacy benefit level was determined for 2.43 million popular domain names and 40 thousand sensitive domain names. The results showed that over 90% of domain names could achieve privacy protection through the deployment of encrypted DNS on the recursive-authoritative side. However, 6.28% of sensitive domain names could not benefit from such deployment. In addition, some popular domain names also did not gain privacy benefits. Compared to large domain hosting providers, smaller providers could offer higher privacy benefits for domain names. Administrators were advised not to deploy domains on authoritative servers that hosted only a single domain name, which significantly compromised the privacy protection effectiveness of encrypted DNS protocol deployment on the recursive-authoritative side.
id doaj-art-38e89ade354846cba8a5bb4cc4a2c58c
institution Kabale University
issn 2096-109X
topic domain name system
encrypted DNS
privacy protection
internet measurement