
Research On Privacy Protection Technology Of DNS Protocol

Posted on: 2017-05-03
Degree: Master
Type: Thesis
Country: China
Candidate: T M Zhao
GTID: 2308330485960432
Subject: Electronic and communication engineering
Abstract/Summary:
With the rapid development of Internet technology, users' demand for and dependence on network resources are increasing. The Domain Name System (DNS) has played a key role since its inception in bridging human-readable text and machine-readable numbers. However, the steady emergence of new network services and attack techniques has weakened the security of traditional DNS. Enhancing the reliability of the system through various approaches, such as optimizing the related processes and finding loopholes in the protocol, has attracted wide attention in academia and industry.

This thesis focuses on user privacy issues against the background of network security. Through in-depth analysis of related standards and drafts from the DNS PRIVate Exchange (dprive) and other relevant working groups of the Internet Engineering Task Force (IETF), this thesis contributes work in four areas: a protection mechanism against eavesdropping, the simplification and aggregation of request data, encryption of DNS data in transit, and functional verification.

Firstly, the existing domain name system and protection schemes are analyzed. At present, DNS privacy protection schemes are still in the standardization process and developing rapidly. It is necessary to summarize the developments, core technology and research results of the DNS over TLS/DTLS scheme inside the working group and to make some optimizations.

Secondly, a port switching and virtual network mapping mechanism is designed. In this part, the existing problems in combining transport layer security with the domain name system are reviewed, and the protocol standardization work in the working group is summarized. The thesis designs a method that protects user privacy and transport layer security, and presents its procedure.

Thirdly, a domain name request simplification and aggregation scheme is designed. After analyzing the causes of redundancy in domain name requests in actual operation and referring to existing schemes, this thesis proposes an extension strategy that is easy to deploy. The syntax and semantics of queries and responses in multi-request aggregation are designed, and suggestions for simplification and code modification are given.

Finally, a platform for functional verification is established and the functions of the proposed schemes are tested; the results show that all of the schemes function normally.
Keywords/Search Tags:Domain Name System, Privacy, Transport Layer Security, Port Switching