Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination


Marcel Waldvogel, Thomas Zink: Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination. In: NetSys 2015, Gesellschaft für Informatik, 2015.

Download the opDNS demo poster.

Abstract

SRV records, DNSSEC, and DANE among others fortify the Domain Name System as the central information hub behind the Internet. Largely hidden from the end user, an increasing number of protocol and trust decisions are contingent on DNS. Neglect or attacks on DNS have much more impact today than ever, now endangering security far beyond denial of service. Opportunistic Persistent DNS (opDNS) addresses these problems by abandoning pessimistic caching and eliminating unnecessary traffic. Today’s DNS infrastructure relies on the hosts forgetting and refreshing DNS records in relatively short time. In conjunction with TLS, opDNS greatly reduces the number of queries and in turn increases privacy, reliability, and efficiency. Even with DNS lookups all but eliminated for frequently visited secure services, changes to the server addresses will be recognized almost immediately, unlike standard DNS. We will show how end systems can take advantage of opDNS without having to wait for support by server operators or application developers, enabling the most effective way of deployment.

BibTeX (Download)

@inproceedings{Waldvogel2015Boost,
title = {Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination},
author = {Marcel Waldvogel and Thomas Zink},
url = {https://netfuture.ch/wp-content/uploads/2014/12/waldvogel2015boost.pdf
https://netfuture.ch/wp-content/uploads/2015/03/opdns-poster.pdf},
year  = {2015},
date = {2015-03-10},
urldate = {1000-01-01},
booktitle = {NetSys 2015},
publisher = {Gesellschaft für Informatik},
abstract = {SRV records, DNSSEC, and DANE among others fortify the Domain Name System as the central information hub behind the Internet. Largely hidden from the end user, an increasing number of protocol and trust decisions are contingent on DNS. Neglect or attacks on DNS have much more impact today than ever, now endangering security far beyond denial of service. Opportunistic Persistent DNS (opDNS) addresses these problems by abandoning pessimistic caching and eliminating unnecessary traffic. Today’s DNS infrastructure relies on the hosts forgetting and refreshing DNS records in relatively short time. In conjunction with TLS, opDNS greatly reduces the number of queries and in turn increases privacy, reliability, and efficiency. Even with DNS lookups all but eliminated for frequently visited secure services, changes to the server addresses will be recognized almost immediately, unlike standard DNS. We will show how end systems can take advantage of opDNS without having to wait for support by server operators or application developers, enabling the most effective way of deployment.},
keywords = {DNS, Privacy, Security},
pubstate = {published},
tppubtype = {inproceedings}
}

Let’s stay in touch!

Receive a mail whenever I publish a new post.

About 1-2 Mails per month, no Spam.

Follow me on the Fediverse

Web apps


Leave a Reply

Only people in my network can comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.