Analysis of Robust and Secure DNS Protocols for IoT Devices

TL;DR

This paper evaluates various secure DNS protocols for IoT devices, analyzing their performance and security benefits using a virtualized resolver to guide optimal protocol selection under different network conditions.

Contribution

It introduces a framework for comparing DNS security protocols in IoT contexts, focusing on performance and security trade-offs with a virtual network function implementation.

Findings

Secure DNS protocols vary in performance depending on caching strategies.

The framework helps determine optimal DNS security configurations for IoT devices.

Results assist stakeholders in choosing suitable DNS protocols for robustness.

Abstract

The DNS (Domain Name System) protocol has been in use since the early days of the Internet. Although DNS as a de facto networking protocol had no security considerations in its early years, there have been many security enhancements, such as DNSSec (Domain Name System Security Extensions), DoT (DNS over Transport Layer Security), DoH (DNS over HTTPS) and DoQ (DNS over QUIC). With all these security improvements, it is not yet clear what resource-constrained Internet-of-Things (IoT) devices should be used for robustness. In this paper, we investigate different DNS security approaches using an edge DNS resolver implemented as a Virtual Network Function (VNF) to replicate the impact of the protocol from an IoT perspective and compare their performances under different conditions. We present our results for cache-based and non-cached responses and evaluate the corresponding security benefits. Our results and framework can greatly help consumers, manufacturers, and the research community decide and implement their DNS protocols depending on the given dynamic network conditions and enable robust Internet access via DNS for different devices.