The DNS is essentially a phonebook for the Internet's domain names. When a device makes its first request over the internet, the first step is typically to look up the domain name in the DNS to get the corresponding IP address to send the request to.
Generally, DNS queries are sent in cleartext, revealing significant information such as the websites the user visits, the IP and MAC addresses of the devices, and the types of devices being used. Attackers can eavesdrop to learn the identity of users and maliciously access data at any DNS server.
Research at Princeton University suggests a way to protect the identity of internet users by adding an extra layer to Domain Name System (DNS) traffic, called Oblivious DNS (ODNS).
Implementing ODNS is quite simple. It requires two additional nodes in the DNS chain: a new server called an ODNS Stub between the user and the recursive DNS server, and a new ODNS authoritative name server that comes after the recursive DNS server.
Image source: https://odns.cs.princeton.edu/
Those two new nodes handle the encryption and separate the user's identity (IP address, subnet, MAC) from the user's request (site name).
- A user requests the URL www.logix.in.
- The ODNS Stub encrypts the request, attaches a session key and appends .odns to it.
- When the recursive DNS server sees the .odns extension in the request, it forwards the request to the ODNS authoritative name server.
- On receiving the request, the ODNS authoritative name server decrypts it and forwards it to the appropriate servers, completing the request.
In this way, the recursive DNS server knows who you are but doesn't know your request, and the ODNS server knows your request but not your identity. The Princeton team says it is still in the prototype stage and will take time to reach real implementation. Once implemented, it would be a real breakthrough in internet security.
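The four steps above and the resulting split of knowledge, as an added Python sketch (not code from the Princeton prototype). The function names, the toy Diffie-Hellman value attached so the authoritative server can derive the session key, and the HMAC keystream are assumptions chosen to keep the example standard-library only; they stand in for real ciphers.

```python
import base64, hashlib, hmac, secrets

# Toy parameters (assumptions for this sketch, not the ODNS prototype's ciphers).
P, G = 2**255 - 19, 2   # finite-field DH stand-in for public-key protection of the key
ZONE = "odns"           # suffix the recursive resolver routes on

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for a real AEAD)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def session_key(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def stub_wrap(qname: str, auth_pub: int) -> str:
    """ODNS stub: encrypt the name, attach key material, append .odns."""
    eph = secrets.randbelow(P - 2) + 1
    key = session_key(pow(auth_pub, eph, P))
    blob = pow(G, eph, P).to_bytes(32, "big") + keystream_xor(key, qname.encode())
    text = base64.b32encode(blob).decode().rstrip("=").lower()  # DNS ignores case
    labels = [text[i:i + 63] for i in range(0, len(text), 63)]  # 63-byte label limit
    name = ".".join(labels + [ZONE])
    if len(name) > 253:
        raise ValueError("wrapped name exceeds the DNS name length limit")
    return name

def recursive_view(client_ip: str, name: str) -> dict:
    """Recursive resolver: knows the client, sees only an opaque .odns name."""
    if not name.endswith("." + ZONE):
        raise ValueError("not an ODNS query")
    return {"client": client_ip, "qname": name, "forward_to": "odns-authoritative"}

def auth_unwrap(name: str, auth_priv: int) -> str:
    """ODNS authoritative: recovers the name; the sender it sees is the resolver."""
    text = "".join(name.split(".")[:-1]).upper()
    blob = base64.b32decode(text + "=" * (-len(text) % 8))
    key = session_key(pow(int.from_bytes(blob[:32], "big"), auth_priv, P))
    return keystream_xor(key, blob[32:]).decode()

if __name__ == "__main__":
    priv = secrets.randbelow(P - 2) + 1           # constructed key pair
    name = stub_wrap("www.logix.in", pow(G, priv, P))
    print(recursive_view("192.0.2.10", name))     # client IP, no readable site name
    print(auth_unwrap(name, priv))                # site name, no client IP
```

The wrapped query is longer than one DNS label allows, which is why the stub splits the base32 text into labels of at most 63 characters before appending the suffix.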
Logix Infosecurity helps your organization deploy the best tools to keep your company safe on the internet. We help you design a smart disaster recovery plan suited exactly to your business requirements. It is always better to be prepared than to regret later.