Can Encrypted DNS Be Fast?

Hounsel, Austin; Schmitt, Paul; Borgolte, Kevin; Feamster, Nick

doi:10.1007/978-3-030-72582-2_26

Cited by 15 publications

(12 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…From the above studies, it is quite clear that DNS encryption protocols perform not so well when network conditions are less ideal. This remark has also been drawn from measurement research works done on edge networks [38,46,57,81] (e.g., home) that have substantial distance from the essential Internet infrastructures. By measuring DoH resolution times from 22K unique hosts across the world, the authors of [38] found that hosts in high-income countries/regions with better Internet infrastructure are less likely to have performance degradation.…”

Section: Performance Analysismentioning

confidence: 95%

“…The authors of [46] measured DoT lookups from 3.2K RIPE Atlas probes deployed in home networks and obtained high failure rates (up to 32%) and equivalent response times (around 150ms) compared with plaintext DNS, which had its low failure rates of less than 3%. Lastly, A. Hounsel et al [57] performed measurements on more than 2500 home networks participating in a Measuring Broadband America program by the Federal Communications Commission (FCC). They highlighted that DNS clients could periodically conduct active probing in order to select their optimal user settings in terms of the choice of protocol (DoT or DoH)…”

Section: Performance Analysismentioning

confidence: 99%

See 1 more Smart Citation

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Lyu,

Gharakheili,

Sivaraman

2022

Preprint

View full text Add to dashboard Cite

The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence, can be read and/or hijacked by third parties. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling clients to perform secure and private domain name lookups. We survey the DNS encryption literature published since 2016, focusing on its current landscape and how it is misused by malware, and highlighting the existing techniques developed to make inferences from encrypted DNS traffic. First, we provide an overview of various standards developed in the space of DNS encryption and their adoption status, performance, benefits, and security issues. Second, we highlight ways that various malware families can exploit DNS encryption to their advantage for botnet communications and/or data exfiltration. Third, we discuss existing inference methods for profiling normal patterns and/or detecting malicious encrypted DNS traffic. Several directions are presented to motivate future research in enhancing the performance and security of DNS encryption.CCS Concepts: • Networks → Application layer protocols; Naming and addressing; • Security and privacy → Security protocols; Malware and its mitigation.

show abstract

Section: Performance Analysismentioning

confidence: 95%

Section: Performance Analysismentioning

confidence: 99%

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Lyu,

Gharakheili,

Sivaraman

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…However, when DoH connection is reused for multiple queries, the additional latency is negligible. Another study performed by Hounsel et al [12] shows that DoH latency and reliability strongly depend on the selected resolver. This is also supported by Jerabek et al [13] who studied DoH resolver behavior and the distribution of DoH packet sizes depending on used resolvers.…”

Section: Related Research On Dohmentioning

confidence: 96%

“…An example of such usage is the PsiXbot malware. The analysis12 www.virustotal.com created by the Proofpoint threat insight team [57] reveals that PsiXbot uses the hardcoded dns.google.com resolver and issues a JSON-based DoH request via HTTP 1.1 to resolve a hardcoded C2 domain.…”

mentioning

confidence: 99%

Summary of DNS Over HTTPS Abuse

et al. 2022

View full text Add to dashboard Cite

The Internet Engineering Task Force adopted the DNS over HTTPS protocol in 2018 to remediate privacy issues regarding the plain text transmission of the DNS protocol. According to our observations and the analysis described in this paper, protecting DNS queries using HTTPS entails security threats. This paper surveys DoH related research works and analyzes malicious and unwanted activities that leverage DNS over HTTPS and can be currently observed in the wild. Additionally, we describe three realworld abuse scenarios observed in the web environment that reveal how service providers intentionally use DNS over HTTPS to violate policies. Last but not least, we identified several research challenges that we consider important for future security research.

show abstract

“…This problem was originally addressed by the encrypted protocols DNS over TLS (DoT) [24] and DNS over HTTPS (DoH) [21], which have been integrated by browsers and public DNS resolvers since 2016 [9,12,16,17]. As these protocols have been extensively studied in terms of response times [5,8,23,40,40,53] and impact on Web performance [4,5,22], it has become clear that both DoT and DoH are constrained by the round-trips required for the handshakes of the underlying transport (TCP) and encryption (TLS) protocols.…”

Section: Introductionmentioning

confidence: 99%

DNS privacy with speed?

Kosek

Schumann

Marx

et al. 2022

Proceedings of the 22nd ACM Internet Measurement Conference

View full text Add to dashboard Cite

Over the last decade, Web traffic has significantly shifted towards HTTPS due to an increased awareness for privacy. However, DNS traffic is still largely unencrypted, which allows user profiles to be derived from plaintext DNS queries. While DNS over TLS (DoT) and DNS over HTTPS (DoH) address this problem by leveraging transport encryption for DNS, both protocols are constrained by the underlying transport (TCP) and encryption (TLS) protocols, requiring multiple round-trips to establish a secure connection. In contrast, QUIC combines the transport and cryptographic handshake into a single round-trip, which allows the recently standardized DNS over QUIC (DoQ) to provide DNS privacy with minimal latency. In the first study of its kind, we perform distributed DoQ measurements across multiple vantage points to evaluate the impact of DoQ on Web performance. We find that DoQ excels over DoH, leading to significant improvements with up to 10% faster loads for simple webpages. With increasing complexity of webpages, DoQ even catches up to DNS over UDP (DoUDP) as the cost of encryption amortizes: With DoQ being only ∼2% slower than DoUDP, encrypted DNS becomes much more appealing for the Web.

show abstract

Can Encrypted DNS Be Fast?

Cited by 15 publications

References 12 publications

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Summary of DNS Over HTTPS Abuse

DNS privacy with speed?

Contact Info

Product

Resources

About