DPRIVE P. Zuo
Internet-Draft H. Li
Intended status: Informational N. Kong
Expires: January 3, 2016 X. Lee
G. Deng, Ed.
J. Yao, Ed.
N. Wang, Ed.
CNNIC
July 2, 2015
Approach on encrypting DNS message over UDP
draft-zuo-dprive-encryption-over-udp-00
Abstract
This document offers an approach to encrypt DNS queries and responses
between the stub resolver and the recursive server over UDP to
protect user privacy. The public key of the recursive server is
distributed to the stub resolver through the Certificate Authority
infrastructure, and the public key of the stub resolver is sent to
the recursive server together with the DNS query where the public key
is inserted to the additional section of the DNS query. Then the
recursive server encrypts the DNS responses sent to the stub resolver
with the public key of that stub resolver, and similarly the DNS
query sent to the recursive server is encrypted by the stub resolver
with the public key of that recursive server and thus the user
privacy is protected.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2016.
Zuo, et al. Expires January 3, 2016 [Page 1]
Internet-Draft dns encryption over UDP July 2015
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Protocol changes . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Encryption flag . . . . . . . . . . . . . . . . . . . . . 3
2.2. Public key of the stub resolver . . . . . . . . . . . . . 4
2.3. Use by the stub resolver . . . . . . . . . . . . . . . . 5
2.4. Use by the recursive server . . . . . . . . . . . . . . . 6
3. Performance Considerations . . . . . . . . . . . . . . . . . 7
4. IANA consideration . . . . . . . . . . . . . . . . . . . . . 7
5. Security considerations . . . . . . . . . . . . . . . . . . . 7
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
6.1. Normative References . . . . . . . . . . . . . . . . . . 7
6.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
Zuo, et al. Expires January 3, 2016 [Page 2]
Internet-Draft dns encryption over UDP July 2015
1. Introduction
Nowadays, almost all DNS queries and responses between the stub
resolver and the recursive server are sent unencrypted, which makes
the user privacy (in terms of query names and source IPs) vulnerable
to attackers that has access to the network channel. Towards this
issue, multiple methods are proposed to protect the user privacy.
DNSCurve [draft-dempsky-dnscurve] defines a method to add
confidentiality to the link between DNS clients and servers with a
new cryptographic protocol; ConfidentialDNS
[draft-wijngaards-confidentialdns] and IPSECA
[draft-osterweil-dane-ipsec] use opportunistic encryption to offer
privacy for DNS queries and responses. Unlike these three methods,
DNS-over-TLS [draft-ietf-dprive-start-tls-for-dns] and DNS-over-DTLS
[draft-ietf-dprive-dnsodtls] use existing standard protocols such as
TLS and DTLS to fully encrypt the DNS queries and responses and these
two approaches attract much attention now. However, DNS service is
latency sensitive, for many other Internet applications such as web
browsing and E-mail begin with DNS resolution. And thus how to
encrypt the DNS queries and responses with low DNS latency becomes
one issue that needs more consideration. In this draft, one
encryption approach is proposed to provide fully as well as
opportunistic encryption for DNS queries and responses without
additional transmission latency. In this approach, the asymmetric
encryption technology is used where the stub resolver and recursive
server generate their own private and public keys independently. The
public key of the recursive server is distributed to stub resolver
through Certificate Authority infrastructure [RFC5280] while that of
the stub resolver is sent to the recursive server together with the
DNS query packet where a public key encapsulation method is built so
that the public key can be inserted into the additional section of
the DNS query.
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. Protocol changes
2.1. Encryption flag
To upgrade the current unencrypted DNS into encrypted one, one
encryption flag is needed for both stub resolver and recursive server
to check whether one DNS message is encrypted or not. In this draft,
the first octet after the Header of the DNS message is extended to be
one encryption flag. Specifically, if the value of the above octet
Zuo, et al. Expires January 3, 2016 [Page 3]
Internet-Draft dns encryption over UDP July 2015
is not larger than 63, both the stub resolver and the recursive serve
process the DNS message just as usual. If the value of the first
octet is larger than 64 (255, for instance), the corresponding DNS
message is an encrypted one, which should be processed just as
described in the following sections. Of course, for those stub
resolvers and recursive servers that do not support the encryption
approach proposed in this draft, the encrypted DNS message should be
discarded.
2.2. Public key of the stub resolver
The public key of the stub resolver is appended to the RDATA part of
EDNS0 meta-RR as one OPTION in the DNS query sent by the stub
resolver to the recursive server. The encapsulation of the public
key is shown in figure 1. Just as defined in [RFC6891], the public
key is formatted into three parts, namely the option-code (16 bits),
option-length (16bits) and option-data (variable length) for the
public key. And the option-code needs to be assigned according to
[RFC6891].
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
0: | option-code for the public key |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
2: | option-length for the public key |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
4: | |
/ option-data for the public key /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--
Figure 1. The encapsulation of the public key of stub resolver
The format of the option-data for the public key is shown in figure
2. The first 16 bits is named as Algorithm and is used to specify
the specific encryption algorithm that is supported. The next 16
bits is reserved as flag for future use. And then the last part is
the actet string of the corresponding public key.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Algorithm | flag |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ /
/ Public Key /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2. The structure of the public key
Zuo, et al. Expires January 3, 2016 [Page 4]
Internet-Draft dns encryption over UDP July 2015
2.3. Use by the stub resolver
The stub resolver can independently determine whether to encrypt the
DNS queries or not. If the query name is very common and not
relating to user privacy, the stub resolver can do name resolution
through traditional unencrypted way and thus does not need to
implement the approach proposed in this draft. While if the query
name relates to user privacy, the stub resolver can use the method
presented in this draft to encrypt the DNS queries. And accordingly,
the recursive server also encrypts the DNS response with the public
key extracted from the DNS query.
The process of the stub resolver encrypting the DNS query is as
follows. First, the stub resolver needs to configure the public key
of the corresponding recursive server through the current Certificate
Authority infrastructure [RFC5280]. Second, the stub resolver
generates the normal DNS query (namely unencrypted one) and then
extracts all the parts after the DNS query Header and encrypts them
with the public key of the recursive server. Third, add a prefix of
three octets before the encrypted content where the first octet is
the encryption flag just as shown in the previous section while the
other two octets are used to store the length of the encrypted
content. Fourth, append the above content (namely a three bytes of
prefix plus the encrypted content) to the DNS query Header and thus
the encrypted DNS query is formed, just as shown in figure 3.
If the stub resolver encrypts the DNS query, the recursive server
must encrypt the corresponding DNS response whose format is the same
as shown in figure 3. And the process of encrypting the DNS response
by the recursive server is shown in the following section. The
process of processing the DNS response at the stub resolver side is
as follows. First, check the Encryption flag. If it is less than
64, the DNS response is processed just as usual; otherwise, the DNS
response must be encrypted one and the corresponding decryption
process is as follows. First, extract the encrypted content with the
help of the Length field and decrypts the encrypted content with the
public key of the recursive server. Third, append the decrypted
content to the Header of the DNS response and thus the original DNS
response is formed.
The structure of the encrypted DNS query is as follows: the
Zuo, et al. Expires January 3, 2016 [Page 5]
Internet-Draft dns encryption over UDP July 2015
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/ /
/ Header /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| Encryption flag | |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| Length | /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/ encrypted content /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
Figure 3. The structure of the encrypted DNS message
2.4. Use by the recursive server
When receiving one DNS query where the Encryption flag is not larger
than 63, the recursive server process the DNS query just as usual.
While if the Encryption flag is larger than 63, the recursive server
can throw away the DNS query if it does not support the mechanism
proposed in this draft; otherwise, the recursive server processes the
DNS query like this: extract the encrypted content with the
indication of Length field shown in figure 3 and decrypts them with
the private key of the recursive server. Then the recursive server
combines the Header of the DNS query and the decrypted content and
thus the original DNS query is formed. Note that the public key of
the stub resolver is available in the decrypted DNS query and thus
the recursive server can obtain it easily.
After obtaining the original DNS query, the recursive server executes
normal DNS lookups and then forms the corresponding unencrypted DNS
response. If the DNS query received by the recursive server is
encrypted, then the corresponding DNS response also should be
encrypted. The way to encrypt the DNS response is as follows: first,
the recursive server encrypts all the parts of the DNS response
except the Header with the public key of the stub resolver. Second,
add a prefix of three octets to the encrypted content where one octet
is the encryption flag while the other two octets are for the length
of the encrypted content in terms of byte. Third, append above
content to the Header of the DNS response and thus the encrypted DNS
response is formed.
Zuo, et al. Expires January 3, 2016 [Page 6]
Internet-Draft dns encryption over UDP July 2015
3. Performance Considerations
Additional DNS message transmission delay is not added by the method
proposed in this draft since the public key of the stub resolver is
inserted into the DNS query as one part of it. Higher CPU usage is
caused by the use of the encryption and decryption with asymmetric
keys. The recursive server can choose to discard the new DNS query
if the CPU limit is exceeded. More bandwidth is needed because the
DNS message is increased due to the insertion of the public key of
the stub resolver to the DNS query message. Also the encryption of
the DNS message enlarges both the DNS query and response.
4. IANA consideration
This draft extends the first octet after the Header of each DNS
message to indicate whether the DNS message is encrypted or not.
IANA is requested to assign one new value (255, for instance) for the
above octet as the flag of DNS message encryption. Also, IANA is
requested to assign the option code for the public key of the stub
resolver in the EDNS0 meta-RR.
5. Security considerations
The encrypted DNS message may be blocked by the middleware devices
such as the firewall which does not support the method proposed in
this draft. The recursive server becomes a bit more vulnerable due
to higher CPU usage caused by the encryption of DNS responses
especially when the DDOS attack occurs.
6. References
6.1. Normative References
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", RFC
4033, March 2005.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Resource Records for the DNS Security Extensions",
RFC 4034, March 2005.
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, March 2005.
Zuo, et al. Expires January 3, 2016 [Page 7]
Internet-Draft dns encryption over UDP July 2015
[RFC4560] Quittek, J. and K. White, "Definitions of Managed Objects
for Remote Ping, Traceroute, and Lookup Operations", RFC
4560, June 2006.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008.
[RFC6891] Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms
for DNS (EDNS(0))", STD 75, RFC 6891, April 2013.
6.2. Informative References
[draft-dempsky-dnscurve]
Dempsky, M., "DNSCurve: Link-Level Security for the Domain
Name System", August 2010,
<http://tools.ietf.org/html/draft-dempsky-dnscurve-01>.
[draft-ietf-dprive-dnsodtls]
Reddy, T., "DNS over DTLS", June 2015,
<http://datatracker.ietf.org/doc/
draft-ietf-dprive-dnsodtls/>.
[draft-ietf-dprive-start-tls-for-dns]
Hu, Z., "TLS for DNS", May 2015,
<http://datatracker.ietf.org/doc/
draft-ietf-dprive-start-tls-for-dns/>.
[draft-osterweil-dane-ipsec]
Osterweil, E., "Opportunistic Encryption with DANE
Semantics and IPsec: IPSECA", February 2014,
<http://tools.ietf.org/html/
draft-osterweil-dane-ipsec-00>.
[draft-wijngaards-confidentialdns]
Wijngaards, W., "Confidential DNS", March 2015,
<http://tools.ietf.org/html/
draft-wijngaards-dnsop-confidentialdns-03>.
Authors' Addresses
Zuo, et al. Expires January 3, 2016 [Page 8]
Internet-Draft dns encryption over UDP July 2015
Peng Zuo
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 2629
Email: zuopeng@cnnic.cn
Hongtao Li
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3164
Email: lihongtao@cnnic.cn
Ning Kong
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3147
Email: xx@cnnic.cn
Xiaodong Lee
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3020
Email: xl@cnnic.cn
Guangqing Deng (editor)
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3680
Email: dengguangqing@cnnic.cn
Zuo, et al. Expires January 3, 2016 [Page 9]
Internet-Draft dns encryption over UDP July 2015
Jiankang Yao (editor)
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3007
Email: yaojiankang@cnnic.cn
Nan Wang (editor)
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3275
Email: wangnan@cnnic.cn
Zuo, et al. Expires January 3, 2016 [Page 10]