Jump to content

DNSCrypt

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 80.12.95.227 (talk) at 15:57, 29 March 2016 (Yandex announce support for DNSCrypt). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

DNSCrypt is a network protocol designed by Frank Denis and Yecheng Fu, which authenticates Domain Name System (DNS) traffic between the user's computer and recursive name servers.

Although multiple client and server implementations exist, the protocol was never proposed to the Internet Engineering Task Force (IETF) by the way of a Request for Comments (RfC).

DNSCrypt wraps unmodified DNS queries and responses in a cryptographic construction in order to detect forgery. It also mitigates UDP-based amplification attacks by requiring a question to be at least as large as the corresponding response. DNSCrypt can also be used for access control.

Deployment

In addition to private deployments, the DNSCrypt protocol has been adopted by several public DNS resolvers, the vast majority being members of the OpenNIC network, as well as virtual private network (VPN) services.

On March 29, 2016, Yandex announced support for the DNSCrypt protocol on their public DNS servers as well as in their web browser.

Protocol

DNSCrypt can be used either over UDP or over TCP. In both cases, its default port is 443, even though the protocol radically differs from HTTPS.

Instead of relying on trusted certificate authorities commonly found in web browsers, the client has to explicitly trust the public signing key of the chosen provider.

This public key is used to verify a set of certificates, retrieved using conventional DNS queries. These certificates contain short-term public keys used for key exchange, as well as an identifier of the cipher suite to use. Clients are encouraged to generate a new key for every query, while servers are encouraged to rotate short-term key pairs every 24 hours.

Queries and responses are encrypted using the same algorithm, and padded to a multiple of 64 bytes in order to avoid leaking packet sizes. Over UDP, when a response would be larger than the question leading to it, a server can respond with a short packet whose TC (truncated) bit has been set. The client should then retry using TCP, and increase the padding of subsequent queries.

Versions 1 and 2 of the protocol leverage the X25519 algorithm for key exchange, EdDSA for signatures and XSalsa20-Poly1305 for authenticated encryption. However, the protocol specification hints at XSalsa20-Poly1305 being eventually superseded by ChaCha20-Poly1305 as standardized by the IETF (RFC 7539).

Public-key based client authentication

The DNSCrypt protocol can also be used for access control or accounting, by accepting only a predefined set of public keys. This can be used by commercial DNS services to identify customers without having to rely on IP addresses.

See also

References