Chinese Journal of Network and Information Security, 2024, Vol. 10, Issue (5): 71-80, 10. DOI: 10.11959/j.issn.2096-109x.2024067
Measurement and evaluation for privacy benefits of deploying encrypted DNS protocol between recursive and authoritative servers
Abstract
The encrypted DNS protocol was originally designed to protect DNS communication privacy between users and recursive resolvers (user-recursive side). Currently, encrypted DNS communication has been widely deployed. However, DNS communications between recursive resolvers and authoritative servers (recursive-authoritative side) still faced significant privacy threats. To address this issue, the Internet Engineering Task Force (IETF) officially released RFC 9539 in February 2024, which utilized the encrypted DNS protocol to protect DNS communication privacy on the recursive-authoritative side. Focusing on the privacy benefits of deploying the encrypted DNS protocol on the recursive-authoritative side, a method to evaluate the privacy benefits of domain names was proposed. The method defined three levels of privacy benefits by analyzing the number of domain names hosted by authoritative servers of the target domain name. Combined with the zone files of 1058 top-level domains, the privacy benefit level was determined for 2.43 million popular domain names and 40 thousand sensitive domain names. The results showed that over 90% of domain names could achieve privacy protection through the deployment of encrypted DNS on the recursive-authoritative side. However, 6.28% of sensitive domain names could not benefit from such deployment. In addition, some popular domain names also did not gain privacy benefits. Compared to large domain hosting providers, smaller providers could offer higher privacy benefits for domain names. Administrators were advised not to deploy domains on authoritative servers that hosted only a single domain name, which significantly compromised the privacy protection effectiveness of encrypted DNS protocol deployment on the recursive-authoritative side.
Key words
domain name system / encrypted DNS / privacy protection / internet measurement
Classification
Information technology and security science
Cite this article
Duan Liying, Li Ruixuan, Liu Ximeng, Shao Jun, Liu Baojun. Measurement and evaluation for privacy benefits of deploying encrypted DNS protocol between recursive and authoritative servers[J]. Chinese Journal of Network and Information Security, 2024, 10(5): 71-80, 10.
Funding
The National Key R&D Program for Young Scientists of China (2023YFB3105600)