PDoT

Abstract

Security and privacy of the Internet Domain Name System (DNS) have been longstanding concerns. Recently, there has been a trend toward protecting DNS traffic with Transport Layer Security (TLS). However, at least two major issues remain: (1) how do clients authenticate DNS-over-TLS endpoints in a scalable and extensible manner, and (2) how can clients trust those endpoints to behave as expected? In this article, we propose a novel Private DNS-over-TLS (PDoT) architecture. PDoT includes a DNS recursive resolver (RecRes) that operates within a Trusted Execution Environment (TEE). Using remote attestation, DNS clients can authenticate the PDoT RecRes and receive strong assurance of its trustworthiness. We provide an open-source proof-of-concept implementation of PDoT and experimentally demonstrate that its latency and throughput match those of the popular Unbound DNS-over-TLS resolver.
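The abstract's central idea is that a client authenticates the resolver by verifying an attestation of the code running in the TEE, and ties that attestation to the TLS channel it is about to send queries over. The following Python is an added illustration of that client-side check; it is not code from the PDoT paper or its proof-of-concept implementation, and it does not claim to reproduce PDoT's exact report format. It uses one standard way of binding an attestation report to a TLS endpoint (a hash of the presented certificate and a fresh client nonce placed in the report's data field) and shows the failure modes a practitioner cares about: a replayed report, a man-in-the-middle presenting its own certificate, an unapproved resolver build, and a tampered report. The attestation service's signature is simulated with an HMAC under a shared key (a stand-in for the asymmetric quote signature a real TEE vendor service issues); that key, the measurement values, the certificate bytes and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import json
import secrets

# Assumed key of a hypothetical attestation service. An HMAC stands in for
# the asymmetric signature a real attestation service would put on a quote.
ATTESTATION_SERVICE_KEY = b"demo-attestation-service-key"

# Measurements (hashes of the enclave code) of resolver builds this client
# has decided to trust. Constructed values for this example.
TRUSTED_RESOLVER_MEASUREMENTS = {
    hashlib.sha256(b"recres-build-1.0").hexdigest(),
}


def client_nonce():
    """Fresh per-connection challenge so an old report cannot be replayed."""
    return secrets.token_bytes(16)


def make_report(measurement_hex, tls_cert_der, nonce):
    """Resolver (enclave) side: emit a report whose report_data binds the TLS
    certificate the resolver will present and the client's nonce, then have
    the (simulated) attestation service sign it."""
    report = {
        "measurement": measurement_hex,
        "report_data": hashlib.sha256(tls_cert_der + nonce).hexdigest(),
    }
    body = json.dumps(report, sort_keys=True).encode()
    signature = hmac.new(ATTESTATION_SERVICE_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}


def verify_resolver(signed_report, presented_cert_der, nonce):
    """Client side. Returns (ok, reason). Checks, in order:
    1. the report carries a valid attestation-service signature (otherwise
       nothing inside it is trustworthy, so it is not even parsed);
    2. the measurement is one the client trusts;
    3. report_data binds the certificate actually presented in the TLS
       handshake and this connection's nonce, which ties the attested code
       to the channel and rejects replays and certificate substitution."""
    body = signed_report["body"]
    expected_sig = hmac.new(ATTESTATION_SERVICE_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, signed_report["signature"]):
        return False, "attestation signature invalid"
    report = json.loads(body)
    if report.get("measurement") not in TRUSTED_RESOLVER_MEASUREMENTS:
        return False, "untrusted resolver measurement"
    expected_data = hashlib.sha256(presented_cert_der + nonce).hexdigest()
    if not hmac.compare_digest(expected_data, report.get("report_data", "")):
        return False, "report not bound to presented TLS certificate or nonce"
    return True, "ok"


def frame_dot_message(dns_message):
    """DNS-over-TLS (RFC 7858) carries each DNS message with the two-octet
    big-endian length prefix of DNS over TCP (RFC 1035, section 4.2.2).
    Only after verify_resolver() succeeds should a client send such frames."""
    if len(dns_message) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return len(dns_message).to_bytes(2, "big") + dns_message


def demo():
    """Honest case plus four failure cases; returns the verdict of each."""
    nonce = client_nonce()
    good_meas = hashlib.sha256(b"recres-build-1.0").hexdigest()
    cert = b"\x30\x82demo-cert-der"  # constructed placeholder for a DER certificate
    report = make_report(good_meas, cert, nonce)
    # Report whose body was altered after signing (signature no longer matches).
    forged = {"body": report["body"] + b" ", "signature": report["signature"]}
    bad_meas = hashlib.sha256(b"modified-build").hexdigest()
    return {
        "honest": verify_resolver(report, cert, nonce)[0],
        "mitm_cert": verify_resolver(report, b"\x30\x82attacker-cert", nonce)[0],
        "replay": verify_resolver(report, cert, client_nonce())[0],
        "bad_build": verify_resolver(make_report(bad_meas, cert, nonce), cert, nonce)[0],
        "forged": verify_resolver(forged, cert, nonce)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the signature is verified before the body is parsed, and the measurement is checked before the channel binding, so each rejection reason reflects the first untrusted input rather than the last. In a real deployment the allowlist of measurements is the policy decision that replaces trust in a certificate authority, and it has to be updated whenever a new resolver build is approved.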

Citation (APA)

Nakatsuka, Y., Paverd, A., & Tsudik, G. (2021). PDoT. In Digital Threats: Research and Practice (Vol. 2). Association for Computing Machinery. https://doi.org/10.1145/3431171
