Version 1: Received: 3 May 2023 / Approved: 4 May 2023 / Online: 4 May 2023 (04:28:03 CEST)
How to cite:
Sunahara, S.; Jin, Y.; Iida, K. A Framework for Institutional Privacy Considered Domain Name Resolution: Full-DoH DNS Architecture. Preprints 2023, 2023050189. https://doi.org/10.20944/preprints202305.0189.v1
APA Style
Sunahara, S., Jin, Y., & Iida, K. (2023). A Framework for Institutional Privacy Considered Domain Name Resolution: Full-DoH DNS Architecture. Preprints. https://doi.org/10.20944/preprints202305.0189.v1
Chicago/Turabian Style
Sunahara, S., Yong Jin and Katsuyoshi Iida. 2023 "A Framework for Institutional Privacy Considered Domain Name Resolution: Full-DoH DNS Architecture" Preprints. https://doi.org/10.20944/preprints202305.0189.v1
Abstract
DNS is a necessary infrastructure for accessing the Internet. Until now, privacy protection in domain name resolution has mainly focused on end-user privacy (encryption of communication between clients and the DNS full-service resolver). For this reason, communication between the DNS full-service resolver and authoritative DNS servers is still done in plaintext. A DNS request from a DNS full-service resolver to an authoritative DNS server does not pose a privacy issue because its source IP address is that of the DNS full-service resolver. However, in recent years, there have been reports of specific techniques for identifying the privacy of previously unknown institutions by analyzing the logs of authoritative DNS servers. To further strengthen privacy in DNS communication, we proposed an architecture that encrypts all DNS communication with DoH, created a prototype environment, and evaluated its performance. The main contributions of this paper are threefold. First, we proposed the Full-DoH DNS architecture, a domain name resolution framework designed specifically for institutional privacy. Second, we evaluated the proposed architecture through a prototype implementation. Finally, we discussed issues related to the proposed architecture.
Keywords
DNS; DNS over HTTPS; DoH; Privacy; Institutional Privacy
Subject
Engineering, Safety, Risk, Reliability and Quality
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.