Description
The DNSCrypt protocol has been in existence since 2013 and has received considerable attention from the DNS community, with several major DNS services providing support. The protocol also has several established open-source client and server implementations in different programming languages. While it does not provide end-to-end DNS security, it is designed to protect the ‘last mile’ traffic between a client and its recursive name server (resolver) against eavesdropping, spoofing and man-in-the-middle attacks. DNSCrypt is designed to give cryptographic security to the communication between a client and its first-level resolver while remaining efficient and adding minimal overhead over plain-text queries.
Several more recent DNS protocol extensions, such as DNS over TLS (DoT), DNS over HTTPS (DoH) and, most recently, DNS over QUIC (DoQ), were designed to protect DNS traffic, each with its own target protection context and limitations.
In this presentation we describe the current state of the art and adoption of the DNSCrypt protocol and compare it with the more recent protocols for protecting DNS traffic. We also touch upon our current efforts to prepare a DNSCrypt RFC and to extend the protocol to version 3, using the elliptic curve digital signature algorithm (ECDSA) over the P-224 or P-256 curves to authenticate sessions and AES-GCM authenticated encryption for the DNS traffic itself.
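The version 3 design outlined above splits the work between two primitives: an ECDSA signature (P-224 or P-256) that lets a client authenticate the resolver's session, and AES-GCM that protects the queries and answers once a key is shared. The Go sketch below is an added illustration of that division of labour, not code from the DNSCrypt project or from the speakers, and it is not the DNSCrypt wire format. Everything in it is an assumption made for the sketch: the `Resolver` type with a long-term ECDSA identity key that clients are taken to have pinned out of band, a rotating P-256 ECDH session key that the resolver signs, SHA-256 standing in for a key-derivation function, the client's ephemeral public key bound as AES-GCM associated data, and the constructed `example.com. IN A` query and `answer-to:` reply. It uses only the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Resolver: long-term P-256 ECDSA identity key (assumed pinned by clients) plus a rotating P-256 ECDH session key.
type Resolver struct {
	Identity *ecdsa.PrivateKey
	Session  *ecdh.PrivateKey
}

func certDigest(sessionPub []byte) []byte {
	h := sha256.Sum256(append([]byte("example-session-cert:"), sessionPub...)) // constructed domain-separation label
	return h[:]
}

func NewResolver() *Resolver {
	return &Resolver{
		Identity: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)),
		Session:  must(ecdh.P256().GenerateKey(rand.Reader)),
	}
}

// Cert returns the current session public key and the identity key's ECDSA signature over it.
func (r *Resolver) Cert() (sessionPub, sig []byte) {
	sessionPub = r.Session.PublicKey().Bytes()
	return sessionPub, must(ecdsa.SignASN1(rand.Reader, r.Identity, certDigest(sessionPub)))
}

// VerifyCert is the client-side check: a session key not signed by the pinned identity key is rejected.
func VerifyCert(pinned *ecdsa.PublicKey, sessionPub, sig []byte) error {
	if !ecdsa.VerifyASN1(pinned, certDigest(sessionPub), sig) {
		return fmt.Errorf("session certificate signature invalid")
	}
	return nil
}

// deriveKey turns the ECDH shared secret into an AES-256-GCM key; SHA-256 stands in for a real KDF.
func deriveKey(priv *ecdh.PrivateKey, peerPub []byte) []byte {
	k := sha256.Sum256(must(priv.ECDH(must(ecdh.P256().NewPublicKey(peerPub)))))
	return k[:]
}

// seal returns nonce || AES-GCM ciphertext; aad is authenticated but not encrypted.
func seal(key, plaintext, aad []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, plaintext, aad)
}

// open fails on a truncated message or a bad tag, which is what defeats on-path tampering.
func open(key, msg, aad []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(msg) < g.NonceSize() {
		return nil, fmt.Errorf("message too short")
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], aad)
}

// RoundTrip: the client verifies the cert, agrees a key via an ephemeral ECDH key and encrypts the
// query; the resolver derives the same key from the client's public key (in clear, bound as AAD).
func RoundTrip(pinned *ecdsa.PublicKey, r *Resolver, query []byte) (resolverSaw, clientGot []byte, err error) {
	sessionPub, sig := r.Cert() // what the client fetches; an on-path substitution would land here
	if err = VerifyCert(pinned, sessionPub, sig); err != nil {
		return nil, nil, err
	}
	client := must(ecdh.P256().GenerateKey(rand.Reader))
	clientPub := client.PublicKey().Bytes()
	ck := deriveKey(client, sessionPub)
	encQuery := seal(ck, query, clientPub)
	rk := deriveKey(r.Session, clientPub) // resolver side: same secret from the other half
	if resolverSaw, err = open(rk, encQuery, clientPub); err == nil {
		encAnswer := seal(rk, append([]byte("answer-to:"), resolverSaw...), clientPub)
		clientGot, err = open(ck, encAnswer, clientPub) // back on the client
	}
	return resolverSaw, clientGot, err
}

func main() {
	r := NewResolver()
	saw, got, err := RoundTrip(&r.Identity.PublicKey, r, []byte("example.com. IN A"))
	fmt.Printf("resolver saw %q, client got %q, err=%v\n", saw, got, err)
}
```

The point to take from the sketch is the order of checks: the signature over the session key is verified before any query is encrypted, so a session key substituted on the path to the resolver is rejected up front, and the AES-GCM tag then covers every query and answer, so modification in transit is detected at `open` rather than silently accepted.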