Encrypted DNS - DNS over TLS / DNS over HTTPS
961 views
38 slides
Jan 31, 2019
Slide 1 of 38
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
About This Presentation
Encryption is coming to mainstream DNS. This briefing discusses the history, protocols and architecture of encrypted DNS, specifically DNS over TLS and DNS over HTTPS. It also describes the impact of DoT and DoH on various operational models.
This briefing was given during DNSheads Vienna #5 at the...
Slide Content
1· www.nic.at
DNSheads Vienna #5 · public
Briefing „EncryptedDNS“
DNS overTLS / DNS overHTTPS
DNSheads Vienna #5 · public
2019-01-30 · Alex Mayrhofer · Head ofResearch & Development
DNSheads Vienna #5 · public
Briefing „EncryptedDNS“
DNS overTLS / DNS overHTTPS
DNSheads Vienna #5 · public
2019-01-30 · Alex Mayrhofer · Head ofResearch & Development
2· www.nic.at
DNSheads Vienna #5 · public
Background
WhyDNS encryptionwas developed
DNSheads Vienna #5 · public
Background
WhyDNS encryptionwas developed
3· www.nic.at
DNSheads Vienna #5 · public
The DNS anno circa 2012
•SensationalSuccessStory
Age 25, andpracticallyunmodified
•Today: „Nothinggoes“ withoutDNS
•Clear text. Everything
„DNS ispublicanyways?“
•99% UDP, 1% TCP „fallback“
WorstTCP supportever!
•DNSSEC? Makeseverythingsecure, doesn‘tit!!?!
Doesonly„sign“, not „encrypt“
•2013: Snowdenrevelations
NSA: „Clear textPII data… mmmmm…“
IETF: „Ohhsheesh–wedidn‘texpect*that* scale!“
PhotobySimone AcquarolionUnsplash
DNSheads Vienna #5 · public
The DNS anno circa 2012
•SensationalSuccessStory
Age 25, andpracticallyunmodified
•Today: „Nothinggoes“ withoutDNS
•Clear text. Everything
„DNS ispublicanyways?“
•99% UDP, 1% TCP „fallback“
WorstTCP supportever!
•DNSSEC? Makeseverythingsecure, doesn‘tit!!?!
Doesonly„sign“, not „encrypt“
•2013: Snowdenrevelations
NSA: „Clear textPII data… mmmmm…“
IETF: „Ohhsheesh–wedidn‘texpect*that* scale!“
PhotobySimone AcquarolionUnsplash
4· www.nic.at
DNSheads Vienna #5 · public
„PervasiveMonitoring isan Attack“
•RFC 7258 –„PervasiveMonitoring isa technical
attackthatshouldbemitigatedin thedesign of
IETF protocols, wherepossible“
•Consequence: Review ofall importantprocotols
•DNS –there‘snot evena standardized*option*
forencryption
•Worse–contains„privacydefeating“ mechanism
UnneccessarilytransmitsfullQNAME in manycases
EDNS(0) Client Subnet
•LeakofMeta-Data & Fingerprinting
Re-identificationofindividualsacrossnetworks
But, but…
ohhhhh…
Photo byKotePuertoonUnsplash
DNSheads Vienna #5 · public
„PervasiveMonitoring isan Attack“
•RFC 7258 –„PervasiveMonitoring isa technical
attackthatshouldbemitigatedin thedesign of
IETF protocols, wherepossible“
•Consequence: Review ofall importantprocotols
•DNS –there‘snot evena standardized*option*
forencryption
•Worse–contains„privacydefeating“ mechanism
UnneccessarilytransmitsfullQNAME in manycases
EDNS(0) Client Subnet
•LeakofMeta-Data & Fingerprinting
Re-identificationofindividualsacrossnetworks
But, but…
ohhhhh…
Photo byKotePuertoonUnsplash
5· www.nic.at
DNSheads Vienna #5 · public
„Weneedencryption“
But wheretostart?
DNSheads Vienna #5 · public
„Weneedencryption“
But wheretostart?
6· www.nic.at
DNSheads Vienna #5 · public
The DNS Protocol arena
„RecursiveDNS Server“
„AuthoritativeDNS Server“
DNSheads Vienna #5 · public
The DNS Protocol arena
„RecursiveDNS Server“
„AuthoritativeDNS Server“
7· www.nic.at
DNSheads Vienna #5 · public
IETF DPRIVE* („PRIVateExchange“)
•2014: „Let‘sdeal withthestubresolver
torecursorleg“
Most significantinformationleakage
1:few Relation –Authentication simple
„Don‘tattempttoboiltheocean“
•2018: Re-Chartering: Includes
„recursivetoauthoritative“
More complex: m:nconnections
(Authentication!)
Milestone forend of2019
*https://datatracker.ietf.org/wg/dprive/about/
DNSheads Vienna #5 · public
IETF DPRIVE* („PRIVateExchange“)
•2014: „Let‘sdeal withthestubresolver
torecursorleg“
Most significantinformationleakage
1:few Relation –Authentication simple
„Don‘tattempttoboiltheocean“
•2018: Re-Chartering: Includes
„recursivetoauthoritative“
More complex: m:nconnections
(Authentication!)
Milestone forend of2019
*https://datatracker.ietf.org/wg/dprive/about/
8· www.nic.at
DNSheads Vienna #5 · public
DNS over(D)TLS
IETF: DPRIVE / DNSOP / (TLS)
DNSheads Vienna #5 · public
DNS over(D)TLS
IETF: DPRIVE / DNSOP / (TLS)
9· www.nic.at
DNSheads Vienna #5 · public
Liste ofrelevant RFCs
•RFC 7626 –DNS Privacy Considerations(DPRIVE)
•RFC 7766 –TCP Transport forDNS (DNSOP)
•RFC 7816 –QNAME Minimization(DNSOP)
•RFC 7828 –EDNS keepalive(DNSOP)
•RFC 7858 –DNS overTLS (DPRIVE)
•RFC 8094 –DNS overDTLS (DPRIVE)
•RFC 7830 (+RFC 8467) –DNS Padding(DPRIVE)
•RFC 8310 –UsageProfiles
•RFC 8446 –TLS 1.3 (TLS)
DNSheads Vienna #5 · public
Liste ofrelevant RFCs
•RFC 7626 –DNS Privacy Considerations(DPRIVE)
•RFC 7766 –TCP Transport forDNS (DNSOP)
•RFC 7816 –QNAME Minimization(DNSOP)
•RFC 7828 –EDNS keepalive(DNSOP)
•RFC 7858 –DNS overTLS (DPRIVE)
•RFC 8094 –DNS overDTLS (DPRIVE)
•RFC 7830 (+RFC 8467) –DNS Padding(DPRIVE)
•RFC 8310 –UsageProfiles
•RFC 8446 –TLS 1.3 (TLS)
10· www.nic.at
DNSheads Vienna #5 · public
RFC 7626 –DNS Privacy Considerations
•Privacy aspects/ issuesin areasoftheDNS:
In theDNS message(Query Name, IP Adresse)
On theserver
On theWire
Re-Identificationbasedon patterns
•Killsthe„DNS ispublicanyways!“ argument
Website of„AlcoholicsAnonymous“ ispublic
The factthatsomeonevisitsthatwebsiteregularlyisdefinitely
privacyrelevant!
•Practicalexample(similar..)
drugstoremorningafterpillvienna16.at
(Browser searchrequestsleakingtotheDNS?)
DNSheads Vienna #5 · public
RFC 7626 –DNS Privacy Considerations
•Privacy aspects/ issuesin areasoftheDNS:
In theDNS message(Query Name, IP Adresse)
On theserver
On theWire
Re-Identificationbasedon patterns
•Killsthe„DNS ispublicanyways!“ argument
Website of„AlcoholicsAnonymous“ ispublic
The factthatsomeonevisitsthatwebsiteregularlyisdefinitely
privacyrelevant!
•Practicalexample(similar..)
drugstoremorningafterpillvienna16.at
(Browser searchrequestsleakingtotheDNS?)
11· www.nic.at
DNSheads Vienna #5 · public
RFC 7766 –TCP Transport forDNS
•Goal: EstablishDNS overTCP als „firstclasscitizen“
•Features
Persistent connections(Client supposedtocloseconnections)
Connection re-use
Pipelining
Response Reordering
TCP Fast Open
Similar: „Happy Eyeballs“
DNSheads Vienna #5 · public
RFC 7766 –TCP Transport forDNS
•Goal: EstablishDNS overTCP als „firstclasscitizen“
•Features
Persistent connections(Client supposedtocloseconnections)
Connection re-use
Pipelining
Response Reordering
TCP Fast Open
Similar: „Happy Eyeballs“
12· www.nic.at
DNSheads Vienna #5 · public
RFC 7816 –QNAME Minimization
DNSheads Vienna #5 · public
RFC 7816 –QNAME Minimization
13· www.nic.at
DNSheads Vienna #5 · public
RFC 7828 –EDNS keepalive
•EDNS Option forSession Management
•ForTCP only!
•Clients: „Pleaseleaveconnectionopen forX seconds“
•Server: „Ok, leaveitopen forX seconds“ or„Please
closeconnectionnow!“
DNSheads Vienna #5 · public
RFC 7828 –EDNS keepalive
•EDNS Option forSession Management
•ForTCP only!
•Clients: „Pleaseleaveconnectionopen forX seconds“
•Server: „Ok, leaveitopen forX seconds“ or„Please
closeconnectionnow!“
14· www.nic.at
DNSheads Vienna #5 · public
RFC 7858 –DNS overTLS (DoT)
•New Port 853 / TCP
•„On thewire“ protocolisunmodified
•Authentification: Certificatesusw? -> RFC 8310
„Opportunistic“ vs. „Strict“
Chicken/Egg -> Bootstrapping des DoTServers wie?
•Doesnot changethe„path“ oftheDNS message
ExistingRecursiveNameserver cansimplyofferan additional,
encryptedchannel
DNSheads Vienna #5 · public
RFC 7858 –DNS overTLS (DoT)
•New Port 853 / TCP
•„On thewire“ protocolisunmodified
•Authentification: Certificatesusw? -> RFC 8310
„Opportunistic“ vs. „Strict“
Chicken/Egg -> Bootstrapping des DoTServers wie?
•Doesnot changethe„path“ oftheDNS message
ExistingRecursiveNameserver cansimplyofferan additional,
encryptedchannel
15· www.nic.at
DNSheads Vienna #5 · public
RFC 8094 –DNS overDTLS
•Port 853 / UDP
•„Same Samebut Different“
•Experimental!
Issueswithfragmentation
DTLS isnot widelyimplemented
•Performance advantageofUDP?
MostlybecauseTCP implementationusedtobeso „lousy“.
DNSheads Vienna #5 · public
RFC 8094 –DNS overDTLS
•Port 853 / UDP
•„Same Samebut Different“
•Experimental!
Issueswithfragmentation
DTLS isnot widelyimplemented
•Performance advantageofUDP?
MostlybecauseTCP implementationusedtobeso „lousy“.
16· www.nic.at
DNSheads Vienna #5 · public
EDNS(0) Padding
It‘srequiredforprivacy–but, why?
DNSheads Vienna #5 · public
EDNS(0) Padding
It‘srequiredforprivacy–but, why?
17· www.nic.at
DNSheads Vienna #5 · public
EDNS(0) Padding–why?
•Encryption removes„direct“ accesstotheinformation
What‘sleftfortheAttacker?
•„PrettyBad Privacy –PitfallsofDNS Encryption“*
HayaShulman@ IETF 93
Applied Networking Research Price –IRTF
•Side Channel informationiskey!
Countermeasures
*https://www.ietf.org/proceedings/93/slides/slides-93-irtfopen-1.pdf
DNSheads Vienna #5 · public
EDNS(0) Padding–why?
•Encryption removes„direct“ accesstotheinformation
What‘sleftfortheAttacker?
•„PrettyBad Privacy –PitfallsofDNS Encryption“*
HayaShulman@ IETF 93
Applied Networking Research Price –IRTF
•Side Channel informationiskey!
Countermeasures
*https://www.ietf.org/proceedings/93/slides/slides-93-irtfopen-1.pdf
18· www.nic.at
DNSheads Vienna #5 · public
ApplicationQueries–it‘sa stream
•A Pattern -Not just a singlequery/responsepair
DNSheads Vienna #5 · public
ApplicationQueries–it‘sa stream
•A Pattern -Not just a singlequery/responsepair
19· www.nic.at
DNSheads Vienna #5 · public
EncryptedDNS
•Streams still createsize/timing„patterns“
DNSheads Vienna #5 · public
EncryptedDNS
•Streams still createsize/timing„patterns“
20· www.nic.at
DNSheads Vienna #5 · public
Size basedCorrelation
•Comparewithknowncleartextpatterns
•Even workswitha subsetofmessagesizes
DNSheads Vienna #5 · public
Size basedCorrelation
•Comparewithknowncleartextpatterns
•Even workswitha subsetofmessagesizes
21· www.nic.at
DNSheads Vienna #5 · public
IntroducingPadding
•Obfuscatesthesizepattern-> Hamperscorrelation
•More „hits“ -> lesslikelythatidentificationispossible
DNSheads Vienna #5 · public
IntroducingPadding
•Obfuscatesthesizepattern-> Hamperscorrelation
•More „hits“ -> lesslikelythatidentificationispossible
22· www.nic.at
DNSheads Vienna #5 · public
RFC 7830 –EDNS(0) PaddingOption
•EDNS Option code12
https://tools.ietf.org/html/rfc7830
DNSheads Vienna #5 · public
RFC 7830 –EDNS(0) PaddingOption
•EDNS Option code12
https://tools.ietf.org/html/rfc7830
23· www.nic.at
DNSheads Vienna #5 · public
DNS overHTTPS
An alternative encryptionscheme, drivenbybrowservendors
DNSheads Vienna #5 · public
DNS overHTTPS
An alternative encryptionscheme, drivenbybrowservendors
24· www.nic.at
DNSheads Vienna #5 · public
Motivation –Browser Vendors
•(a) Browsers do a lotofDNS thesedays
Websites + assets(JS, Ads, Statistics…), CDNs
CertificateValidation (OCSP), SafeBrowsinglists, updates, …
More directcontrolovertheDNS API desired
•(b) Timing andavailabilityiscritical
„Happy Eyeballs“ –Slow orlousy(local) DNS serverscreatebad
userexperience
„Bad Hotel WiFi“ isoften„Bad Hotel DNS“…
•(c) DNS isusedforcensorship
Circumventinglocal(censoring) DNS serversprotectsFreedom of
Speech
Eg. Google Jigsaw
ttps://dnsserver.example.net/dns-query{?dns}
DNSheads Vienna #5 · public
Motivation –Browser Vendors
•(a) Browsers do a lotofDNS thesedays
Websites + assets(JS, Ads, Statistics…), CDNs
CertificateValidation (OCSP), SafeBrowsinglists, updates, …
More directcontrolovertheDNS API desired
•(b) Timing andavailabilityiscritical
„Happy Eyeballs“ –Slow orlousy(local) DNS serverscreatebad
userexperience
„Bad Hotel WiFi“ isoften„Bad Hotel DNS“…
•(c) DNS isusedforcensorship
Circumventinglocal(censoring) DNS serversprotectsFreedom of
Speech
Eg. Google Jigsaw
ttps://dnsserver.example.net/dns-query{?dns}
25· www.nic.at
DNSheads Vienna #5 · public
IETF DoH* (DNS overHTTPs) group
•Founded2017
•2018: RFC 8484
GET orPOST
URI Templates (https://dnsserver.example.net/dns-
query{?dns})
Wire-Format: application/dns-message (identicalzu „normal“
DNS), oder JSON
HTTP Response-Code always2xx (ifsuccessful), nomatter
whichDNS responsecode
*https://datatracker.ietf.org/wg/doh/about/
DNSheads Vienna #5 · public
IETF DoH* (DNS overHTTPs) group
•Founded2017
•2018: RFC 8484
GET orPOST
URI Templates (https://dnsserver.example.net/dns-
query{?dns})
Wire-Format: application/dns-message (identicalzu „normal“
DNS), oder JSON
HTTP Response-Code always2xx (ifsuccessful), nomatter
whichDNS responsecode
*https://datatracker.ietf.org/wg/doh/about/
26· www.nic.at
DNSheads Vienna #5 · public
EffectsofencryptedDNS
The implicationsoftypicaloperational models
DNSheads Vienna #5 · public
EffectsofencryptedDNS
The implicationsoftypicaloperational models
27· www.nic.at
DNSheads Vienna #5 · public
„Plain“ DNS
DNSheads Vienna #5 · public
„Plain“ DNS
28· www.nic.at
DNSheads Vienna #5 · public
DNS overTLS
DNSheads Vienna #5 · public
DNS overTLS
29· www.nic.at
DNSheads Vienna #5 · public
DNS overHTTPS (typical)
DNSheads Vienna #5 · public
DNS overHTTPS (typical)
30· www.nic.at
DNSheads Vienna #5 · public
ConcernsregardingDoH
•4 Browser Vendors
•Fewbigpublicrecursorvendors(1.1.1.1, 8.8.8.8,
9.9.9.9)
•Market concentration/ Control?
Pre-configuredpublicrecursors
Example: Mozilla / Cloudflarediscussion
•Media echo (German only, sorry!)
https://Heise.de/-4203225.html(„Die DNS Gruft gehört
ausgelüftet“)
https://heise.de/-4205380.html(„Vom DNS, aktuellen Hypes,
Überwachung und Zensur“)
DNSheads Vienna #5 · public
ConcernsregardingDoH
•4 Browser Vendors
•Fewbigpublicrecursorvendors(1.1.1.1, 8.8.8.8,
9.9.9.9)
•Market concentration/ Control?
Pre-configuredpublicrecursors
Example: Mozilla / Cloudflarediscussion
•Media echo (German only, sorry!)
https://Heise.de/-4203225.html(„Die DNS Gruft gehört
ausgelüftet“)
https://heise.de/-4205380.html(„Vom DNS, aktuellen Hypes,
Überwachung und Zensur“)
31· www.nic.at
DNSheads Vienna #5 · public
Implementations
Server, Clients, Tools
DNSheads Vienna #5 · public
Implementations
Server, Clients, Tools
32· www.nic.at
DNSheads Vienna #5 · public
DoTClients
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Implementation+Status
DNSheads Vienna #5 · public
DoTClients
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Implementation+Status
33· www.nic.at
DNSheads Vienna #5 · public
DoTServer Software
DNSheads Vienna #5 · public
DoTServer Software
34· www.nic.at
DNSheads Vienna #5 · public
DoT(andDoH) publicrecursors
•Google DNS (8.8.8.8)
•Cloudflare(1.1.1.1)
•Quad9 (9.9.9.9)
•CleanBrowsing(various, withFilters)
DNSheads Vienna #5 · public
DoT(andDoH) publicrecursors
•Google DNS (8.8.8.8)
•Cloudflare(1.1.1.1)
•Quad9 (9.9.9.9)
•CleanBrowsing(various, withFilters)
35· www.nic.at
DNSheads Vienna #5 · public
DoH
•Clients
Mozilla Firefox
Google Chrome
(plus testtools)
•Server Software
https://github.com/facebookexperimental/doh-proxy
https://github.com/curl/curl/wiki/DNS-over-HTTPS#doh-tools
DNSheads Vienna #5 · public
DoH
•Clients
Mozilla Firefox
Google Chrome
(plus testtools)
•Server Software
https://github.com/facebookexperimental/doh-proxy
https://github.com/curl/curl/wiki/DNS-over-HTTPS#doh-tools
36· www.nic.at
DNSheads Vienna #5 · public
Android 9 –DNS overTLS bydefault
•UsesDNS overTLS ifavailable
on localnameserver
•Falls back tounencryptedDNS
ifunavailable
DNSheads Vienna #5 · public
Android 9 –DNS overTLS bydefault
•UsesDNS overTLS ifavailable
on localnameserver
•Falls back tounencryptedDNS
ifunavailable
37· www.nic.at
DNSheads Vienna #5 · public
ExecSummary
•DNS cannowbeencrypted, eithervia TLS orHTTPS
•DNS overHTTPs ismore„disruptive“ thanDNS overTLS
•Public recursorshaveimplementedeither(orboth)
But fewlocalprovidershaveimplementedit(seebelow:-/)
•Browser VendorsareimplementingDNS overHTTPs
Ongoingpolicydiscussionsaroundpre-configurationofrecursors
•Android 9 implementsDNS overTLS *bydefault*
Automaticallyusesitifavailable(seeabove:-/)
Google suggestingtoconfigure„dns.google“ manually
•Windows / MacOS –no„out ofthebox“ solutions–
„Stubby“
DNSheads Vienna #5 · public
ExecSummary
•DNS cannowbeencrypted, eithervia TLS orHTTPS
•DNS overHTTPs ismore„disruptive“ thanDNS overTLS
•Public recursorshaveimplementedeither(orboth)
But fewlocalprovidershaveimplementedit(seebelow:-/)
•Browser VendorsareimplementingDNS overHTTPs
Ongoingpolicydiscussionsaroundpre-configurationofrecursors
•Android 9 implementsDNS overTLS *bydefault*
Automaticallyusesitifavailable(seeabove:-/)
Google suggestingtoconfigure„dns.google“ manually
•Windows / MacOS –no„out ofthebox“ solutions–
„Stubby“
38· www.nic.at
DNSheads Vienna #5 · public
nic.at GmbH
Jakob-Haringer-Str. 8/V · 5020 Salzburg · Austria
T +43 662 4669 -34 · F -29
[email protected] · www.nic.at
DNSheads Vienna #5 · public
nic.at GmbH
Jakob-Haringer-Str. 8/V · 5020 Salzburg · Austria
T +43 662 4669 -34 · F -29
[email protected] · www.nic.at
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 961
- Slides 38
- Favorites 2
- Age 2497 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
33 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
31 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
27 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
29 views