Article 5-5-2019

CROSS-PLATFORM DNS PROXY SERVICE ARCHITECTURE

Dmitry A. Podkorytov, Kurgan State University, Kurgan, Russia
Anatoly B. Floka, Kurgan State University, Kurgan, Russia
Sergey V. Kuleshov, Saint-Petersburg Institute for Informatics and Automation of Russian Academy of Science, Saint-Petersburg, Russia, kuleshov@iias.spb.su

Abstract
The article proposes an architecture for a network service that performs the functions of a UDP Proxy. The architecture is based on a pool of several network processes working together on a single network address. The subject of study is the architecture of a network service that performs the functions of a UDP Proxy. The purpose of the study is to develop an experimental DNS Proxy service architecture that, on the one hand, hides DNS traffic and, on the other hand, contains no cryptographic transformations requiring significant computational cost and requires no changes on the client side. The proposed experimental DNS Proxy service is cross-platform and compact. For the software implementation of the DNS Proxy, we use development tools aimed at creating cross-platform software and reliable high-load network services. The languages Erlang, C/C++ and D are selected, and the features of the software implementation are considered. To evaluate the performance of the software implementation of the DNS Proxy, a test bench based on the Windows 7 operating system is built and configured. We choose the implementation in D, which on the one hand provides compact code and on the other is close to C/C++ in efficiency. The proposed DNS Proxy architecture uses an intermediate communication layer that is implemented between the client and the server and consists of the following components: LAN and WAN interfaces and a secure data transmission channel over public networks between them. We consider an example of a man-in-the-middle vulnerability that is neutralized by authorizing traffic and converting it to an internal form for transport between the LAN and WAN components of the service.

Keywords: LAN, WAN, network service architecture, DNS traffic, IDE, UDP Proxy, DNS Proxy.

Information about authors:
Dmitry A. Podkorytov, Kurgan State University, Senior Lecturer, Department of Software, Automated Systems, Kurgan, Russia
Anatoly B. Floka, Kurgan State University, Senior Lecturer, Department of Software, Automated Systems, PhD. Tech., Kurgan, Russia
Sergey V. Kuleshov, Saint-Petersburg Institute for Informatics and Automation of Russian Academy of Science; Principal Researcher, Laboratory for Research Automation; Dr. of Tech. Sc., Saint-Petersburg, Russia