HUSCAP logo Hokkaido Univ. logo

Hokkaido University Collection of Scholarly and Academic Papers >
Information Initiative Center >
Peer-reviewed Journal Articles, etc >


Files in This Item:
IA2023-11.pdf1.86 MBPDFView/Open
Please use this identifier to cite or link to this item:

Title: DNSのプライバシー保護を強化するための権威DNSサーバ発見方式の検討
Other Titles: A consideration about a discovering method of privacy-enhanced authoritative DNS servers
Authors: 砂原, 悟1 Browse this author →KAKEN DB
金, 勇2 Browse this author →KAKEN DB
飯田, 勝吉3 Browse this author →KAKEN DB
Authors(alt): SUNAHARA, Satoru1
JIN, Yong2
IIDA, Katsuyoshi3
Keywords: DNS
privacy protection
Encrypted DNS Authoritative Server
Servicer Discovery
NS Records
Issue Date: 14-Sep-2023
Publisher: 電子情報通信学会
Journal Title: 電子情報通信学会技術研究報告
Journal Title(alt): IEICE Technical Report
Volume: 123
Issue: 193
Start Page: 1
End Page: 5
Abstract: DNSクエリの平文通信にはプライバシーの漏洩リスクが存在する.そのため,クライアント端末からフルサービスリゾルバ間,そしてフルサービスリゾルバから権威DNSサーバ間のDNS通信は全て暗号化による保護が求められる.現在,IETFからフルサービスリゾルバと権威DNSサーバ間の通信を暗号化するための仕様案が発表されているが,この方式は既存の平文通信との互換性を重視しているため,フルサービスリゾルバが暗号化通信に対応した権威DNSサーバを発見するまでは,プライバシーの漏洩リスクが残る.本論文では,各ゾーンの親権威DNSサーバに該当ゾーンの暗号化通信への対応状況を示すダミーのNSレコードを追加することで,互換性とプライバシー保護を両立させる方法を提案する.また,この提案方法の実装と機能確認についても述べる.
Plain-text communication of DNS queries poses a risk of privacy leakage. Therefore, it is imperative to achieve protection through encryption for DNS communication between end terminals and full-service resolvers, as well as between full-service resolvers and authoritative DNS servers. The IETF has published an internet-draft for encrypting communication between full-service resolvers and authoritative DNS servers. However, this approach prioritizes compatibility with existing plain-text communication, which means that the risk of privacy leakage remains until a full-service resolver discovers an author-itative DNS server compatible with encrypted communication. In this paper, we propose a method to achieve the compatibility and privacy protection by adding dummy NS records indicating the status of support for encrypted communication of respective zones to the authoritative DNS servers of each zone. Additionally, we discuss the implementation and functional verification of this proposed method.
Rights: Copyright ©2023 IEICE
Publisher URI:
Type: article
Appears in Collections:情報基盤センター (Information Initiative Center) > 雑誌発表論文等 (Peer-reviewed Journal Articles, etc)

Submitter: 飯田 勝吉

Export metadata:

OAI-PMH ( junii2 , jpcoar_1.0 )

MathJax is now OFF:


 - Hokkaido University