DNS over DTLS (DNSoD)
DNS queries and responses are visible to network elements on the path
between the DNS client and its server. These queries and responses can
contain privacy-sensitive information which is valuable to protect. An
active attacker can send bogus responses causing misdirection of the
subsequent connection. To counter passive listening and active
attacks, this document proposes the use of Datagram Transport Layer
Security (DTLS) for DNS, to protect against passive listeners and
certain active attacks. As DNS needs to remain fast, this proposal
also discusses mechanisms to reduce DTLS round trips and reduce DTLS
handshake size. The proposed mechanism runs over the default DNS port
and can also run over an alternate port.