T-DNS: Connection-Oriented DNS to Improve Privacy and Security (extended). Zhu, L., Hu, Z., Heidemann, J., Wessels, D., Mankin, A., & Somaiya, N. Technical Report ISI-TR-2014-693, USC/Information Sciences Institute, June 2014.

Abstract: DNS is the canonical protocol for connectionless UDP. Yet DNS today is challenged by eavesdropping that compromises privacy, source-address spoofing that results in denial-of-service (DoS) attacks on the server and third parties, injection attacks that exploit fragmentation, and size limitations that constrain policy and operational choices. We propose T-DNS to address these problems. It uses TCP to smoothly support large payloads and to mitigate spoofing and amplification for DoS. T-DNS uses transport-layer security (TLS) to provide privacy from users to their DNS resolvers and optionally to authoritative servers. Expectations about DNS suggest connections will balloon client latency and overwhelm servers with state, but our evaluation shows costs are modest: end-to-end latency from TLS to the recursive resolver is only about 9% slower when UDP is used to the authoritative server, and 22% slower with TCP to the authoritative server. With diverse traces we show that frequent connection reuse is possible (60–95% for stub and recursive resolvers, although half that for authoritative servers), and after connection establishment, we show TCP and TLS latency is equivalent to UDP. With conservative timeouts (20 s at authoritative servers and 60 s elsewhere) and conservative estimates of connection state memory requirements, we show that server memory requirements match current hardware: a large recursive resolver may have 24k active connections requiring about 3.6 GB additional RAM. We identify the key design and implementation decisions needed to minimize overhead: query pipelining, out-of-order responses, TLS connection resumption, and plausible timeouts.
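Three of the design decisions the abstract names (TCP framing for large payloads, query pipelining, out-of-order responses) are concrete enough to show in code. The following is an added example, not code from the paper or from the T-DNS software linked in the entry below: it builds DNS queries in RFC 1035 wire format, applies the 2-byte length prefix that DNS over TCP requires, pipelines several queries on one connection, and pairs the replies by transaction ID. So that it runs offline, the far end of the connection is an in-process stand-in (`fake_server`) that deliberately answers in reverse order; the `*.example` names and the 192.0.2.1 answer (a TEST-NET address) are constructed for the example, and TLS resumption and timeouts are not modelled.

```python
import random
import struct

# Added example (not the paper's or the T-DNS project's code). Shows the
# mechanics of DNS over TCP: 2-byte length framing (RFC 1035 section 4.2.2),
# pipelining several queries on one connection, and matching out-of-order
# replies by transaction ID. fake_server is an in-process stand-in so the
# script runs offline; 192.0.2.1 is a TEST-NET address (RFC 5737), not a
# real answer.

def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels terminated by a zero-length label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Minimal query: 12-byte header (RD=1, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with its length, big-endian 16-bit."""
    if len(msg) > 0xFFFF:
        raise ValueError("message exceeds 16-bit TCP length field")
    return struct.pack("!H", len(msg)) + msg

def unframe(stream: bytes):
    """Split a TCP byte stream into complete messages; return (messages, leftover).
    A trailing partial message is returned as leftover to be completed later."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (n,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + n > len(stream):
            break
        msgs.append(stream[pos + 2:pos + 2 + n])
        pos += 2 + n
    return msgs, stream[pos:]

def txid_of(msg: bytes) -> int:
    return struct.unpack("!H", msg[:2])[0]

def question_end(msg: bytes) -> int:
    """Offset just past the first question section (uncompressed name + QTYPE + QCLASS)."""
    pos = 12
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1 + 4

def fake_server(stream: bytes) -> bytes:
    """Stand-in for the far end of one TCP connection. It answers every complete
    query with a single A record but emits the replies in reverse order, so a
    client that assumed in-order delivery would mis-pair them."""
    queries, leftover = unframe(stream)
    if leftover:
        raise ValueError("truncated query on the wire")
    out = b""
    for q in reversed(queries):
        question = q[12:question_end(q)]
        header = struct.pack("!HHHHHH", txid_of(q), 0x8180, 1, 1, 0, 0)  # QR,RD,RA; ANCOUNT=1
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
        out += frame(header + question + rr)
    return out

def parse_a_answer(msg: bytes) -> str:
    """Return the dotted IPv4 address from the first A record of a reply."""
    pos = question_end(msg) + 2          # skip compressed owner-name pointer (0xC00C)
    rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    pos += 10
    if (rtype, rclass, rdlen) != (1, 1, 4):
        raise ValueError("unexpected record")
    return ".".join(str(b) for b in msg[pos:pos + 4])

def pipelined_lookup(names):
    """Send all queries on one connection without waiting, then pair replies by
    transaction ID. Returns answers in arrival order and any unanswered names."""
    pending, wire = {}, b""
    for name in names:
        txid = random.randrange(0x10000)
        while txid in pending:          # IDs must be unique per connection
            txid = random.randrange(0x10000)
        pending[txid] = name
        wire += frame(build_query(txid, name))
    replies, _ = unframe(fake_server(wire))
    answers = {}
    for r in replies:
        name = pending.pop(txid_of(r), None)
        if name is None:
            continue                    # unknown ID: drop it, never trust it
        answers[name] = parse_a_answer(r)
    return answers, list(pending.values())

if __name__ == "__main__":
    got, missing = pipelined_lookup(["a.example", "b.example", "c.example"])
    print(got, missing)
```

Running it prints the answers in the order the replies arrived, which is the reverse of the order queried; a client that paired replies positionally instead of by ID would attach the wrong answer to every name. `unframe` returns a trailing partial message as leftover, which is the case a real TCP reader must handle because one DNS message can span segment boundaries.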
@TechReport{Zhu14b,
author = "Liang Zhu and Zi Hu and John Heidemann and
Duane Wessels and Allison Mankin and Nikita Somaiya",
title = "T-{DNS}: Connection-Oriented {DNS} to Improve Privacy and Security (extended)",
institution = "USC/Information Sciences Institute",
year = 2014,
sortdate = "2014-06-01",
number = "ISI-TR-2014-693",
month = jun,
jlocation = "johnh: pafile",
keywords = "network outage detection, hurricane sandy",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/Zhu14b.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/Zhu14b.pdf",
otherurl = "ftp://ftp.isi.edu/isi-pubs/tr-693.pdf",
myorganization = "USC/Information Sciences Institute",
copyrightholder = "authors",
project = "ant, retrofuture, lacrend, tdns",
blogurl = "https://ant.isi.edu/blog/?p=508",
datasetlurl = "https://ant.isi.edu/datasets/all.html",
codeurl = "https://ant.isi.edu/software/tdns/index.html",
abstract = "
DNS is the canonical protocol for connectionless UDP. Yet DNS today
is challenged by eavesdropping that compromises privacy,
source-address spoofing that results in denial-of-service (DoS)
attacks on the server and third parties, injection attacks that
exploit fragmentation, and size limitations that constrain policy and
operational choices. We propose \emph{T-DNS} to address these
problems. It uses TCP to smoothly support large payloads and to
mitigate spoofing and amplification for DoS. T-DNS uses
transport-layer security (TLS) to provide privacy from users to their
DNS resolvers and optionally to authoritative servers. Expectations
about DNS suggest connections will balloon client latency and
overwhelm server with state, but our evaluation shows costs are
modest: end-to-end latency
from \emph{TLS to the recursive resolver is only about 9\% slower}
when UDP is used to the authoritative
server, and 22\% slower with TCP to the authoritative. With diverse
traces we show that frequent connection reuse is possible (60--95\%
for stub and recursive resolvers, although half that for authoritative
servers), and after connection establishment, we show TCP and TLS
latency is equivalent to UDP. With conservative timeouts (20\,s at
authoritative servers and 60\,s elsewhere) and conservative estimates
of connection state memory requirements, we show
that \emph{server memory requirements match current hardware}:
a large recursive
resolver may have 24k active connections requiring about 3.6\,GB
additional RAM. We identify the key design and implementation
decisions needed to minimize overhead: query pipelining, out-of-order
responses, TLS connection resumption, and plausible timeouts.
",
}