Enhancing DNS Performance with Efficient Cryptographic Algorithms: A Comparative Study of DoT Frameworks
DOI:
https://doi.org/10.70112/ajcst-2024.13.2.4288
Keywords:
Domain Name System (DNS), Encrypted Protocols, DNS over TLS (DoT), Cryptographic Algorithms, Performance Evaluation
Abstract
The Domain Name System (DNS) is a critical component of the Internet, and its disruption can significantly affect service quality. To enhance security and protect user privacy, encrypted protocols, such as DNS over TLS (DoT), DNS over Quick UDP Internet Connections (DoQ), and DNS over HTTPS (DoH), have been introduced. This study evaluates the performance impact of different cryptographic algorithms within the DoT framework, focusing on how encryption influences DNS query performance and resolver efficiency. Performance evaluations were conducted using various cryptographic algorithms under different client load conditions. Metrics such as response rate, timeout rate, and resource utilization were analyzed to assess the impact of encryption on DNS recursive resolvers. The analysis revealed that the choice of encryption algorithm and client load significantly affect performance. Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) 128 and ChaCha20-Poly1305 demonstrated superior performance, exhibiting higher response rates and lower timeout rates compared to AES-GCM 256. Organizations managing DNS infrastructure should monitor client loads and consider adopting efficient encryption algorithms, such as AES-GCM 128 or ChaCha20-Poly1305. These choices can optimize DNS recursive resolver performance while maintaining robust security in dynamic network environments.
License
Copyright (c) 2024 Centre for Research and Innovation
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.