DNSSEC in the networks with a NAT64/DNS64

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F46747885%3A24220%2F18%3A00006412" target="_blank" >RIV/46747885:24220/18:00006412 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/8501446/" target="_blank" >https://ieeexplore.ieee.org/document/8501446/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.23919/AE.2018.8501446" target="_blank" >10.23919/AE.2018.8501446</a>

Jazyk výsledku

angličtina

Název v původním jazyce

DNSSEC in the networks with a NAT64/DNS64

Popis výsledku v původním jazyce

This paper describes the problems with using both Domain Name System Security (DNSSEC) (security extension to domain name system) validating Domain Name System (DNS) resolvers and NAT64/DNS64 transition mechanism. In this paper we also propose a solution how to solve the problem of such combination. The foreign (synthesized) AAAA record as well as the broken trust chain in such records in secure way which doesn’t breach DNSSEC. A current widely used solution comes from RFC 7050 [1] with conjunction with RFC 6146 [2] and RFC 6147 [3]. In such case the end node will detect Domain Name System 6-to-4 (DNS64) by asking for well-known Internet Protocol version 4 (IPv4) only domain, if detected end node would disable DNSSEC validation. This solves previously mentioned problem of foreign AAAA record and such domain would be reachable. However this also brakes DNSSEC validation and it does not allow operator to control over the prefix preference. Our proposed solution supplies the end node with secondary DNSSEC chain to validate DNS64 synthesized records from information already presented to the node by Neighbor Discovery or Dynamic Host Configuration Protocol version 6 (DHCPv6), in the way that network operator can have a control over the prefixes and DNS resolvers used by the end node for NAT64/DNS64 transition mechanism.

Název v anglickém jazyce

DNSSEC in the networks with a NAT64/DNS64

Popis výsledku anglicky

This paper describes the problems with using both Domain Name System Security (DNSSEC) (security extension to domain name system) validating Domain Name System (DNS) resolvers and NAT64/DNS64 transition mechanism. In this paper we also propose a solution how to solve the problem of such combination. The foreign (synthesized) AAAA record as well as the broken trust chain in such records in secure way which doesn’t breach DNSSEC. A current widely used solution comes from RFC 7050 [1] with conjunction with RFC 6146 [2] and RFC 6147 [3]. In such case the end node will detect Domain Name System 6-to-4 (DNS64) by asking for well-known Internet Protocol version 4 (IPv4) only domain, if detected end node would disable DNSSEC validation. This solves previously mentioned problem of foreign AAAA record and such domain would be reachable. However this also brakes DNSSEC validation and it does not allow operator to control over the prefix preference. Our proposed solution supplies the end node with secondary DNSSEC chain to validate DNS64 synthesized records from information already presented to the node by Neighbor Discovery or Dynamic Host Configuration Protocol version 6 (DHCPv6), in the way that network operator can have a control over the prefixes and DNS resolvers used by the end node for NAT64/DNS64 transition mechanism.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2018 International Conference on Applied Electronics (AE)

ISBN

978-802610721-7

ISSN

1803-7232

e-ISSN

—

Počet stran výsledku

4

Strana od-do

51-54

Název nakladatele

University of West Bohemia, Pilsen, Czech Republic

Místo vydání

Plzeň

Místo konání akce

Plzeň

Datum konání akce

1. 1. 2018

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—