DNSCurve
{{Short description|Protocol to encrypt DNS using elliptic curve cryptography}}
{{Infobox networking protocol
| title = DNSCurve
| logo =
| logo alt =
| image =
| image alt =
| caption =
| is stack = no
| purpose =
| developer = Daniel J. Bernstein
| date = {{Start date and age|2009}}
| based on =
| influenced =
| osilayer = Application layer
| ports =
| rfcs =
| hardware =
}}
DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between resolvers and authoritative servers.
DNSCurve claims the following advantages over conventional DNS:{{cite web |url=https://dnscurve.org/ |title=Introduction to DNSCurve |website=DNSCurve|date=22 June 2009 |author= |accessdate= 16 March 2016}}
- Confidentiality—conventional DNS requests and responses are not encrypted, so are readable to everyone along the path of transmission.
- Integrity—conventional DNS has some protection, but with patience and sniffing attackers can forge DNS records; this is prevented by DNSCurve cryptographic authentication.
- Availability—conventional DNS has no protection against denial of service (DoS) by a sniffing attacker sending a few forged packets per second. DNSCurve recognizes and discards forged DNS packets, providing some protection, though SMTP, HTTP and HTTPS are also vulnerable to DoS.
Structure
DNSCurve uses Curve25519 elliptic curve cryptography to establish the identity of authoritative servers.{{cite web|title=Curve25519: high-speed elliptic-curve cryptography|url=https://cr.yp.to/ecdh.html|accessdate=30 January 2013|author=D. J. Bernstein}} Public keys for remote authoritative servers are encoded in NS records as the host name component of the server's fully qualified domain name, so recursive resolvers know whether the server supports DNSCurve. Keys begin with the magic string uz5 and are followed by a 51-byte Base32 encoding of the server's 255-bit public key. For example, in BIND zone-file format:
{{sxhl|
example.com. IN NS uz5bcx1nh80x1r17q653jf3guywz7cmyh5jv0qjz0unm56lq7rpj8l.example.com.
|zone}}
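The encoding above, worked through as an added example that is not code from the DNSCurve project or the draft. It assumes the base32 alphabet and little-endian bit order of draft-dempsky-dnscurve (linked under External links), and that the 52nd base32 character, which is always 0 because the key is only 255 bits, is dropped to give the 51-character label.

```python
# Added example: encode/parse DNSCurve public-key labels. Assumes the draft's
# little-endian base32 (5 bits at a time, least-significant first) and that the
# 52nd character, always '0' for a 255-bit key, is dropped.
B32 = "0123456789bcdfghjklmnpqrstuvwxyz"
MAGIC = "uz5"


def b32_encode(data: bytes) -> str:
    out, acc, nbits = [], 0, 0
    for byte in data:
        acc |= byte << nbits
        nbits += 8
        while nbits >= 5:
            out.append(B32[acc & 31])
            acc >>= 5
            nbits -= 5
    if nbits:                          # leftover bits form one final character
        out.append(B32[acc & 31])
    return "".join(out)


def b32_decode(text: str) -> bytes:
    out, acc, nbits = bytearray(), 0, 0
    for ch in text:
        digit = B32.find(ch)
        if digit < 0:
            raise ValueError(f"invalid DNSCurve base32 character {ch!r}")
        acc |= digit << nbits
        nbits += 5
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:                          # 51 chars = 255 bits: 7 bits left -> 32nd byte
        out.append(acc & 0xFF)
    return bytes(out)


def encode_pubkey_label(pubkey: bytes) -> str:
    """Label for a 32-byte Curve25519 key; rejects keys whose 256th bit is set."""
    if len(pubkey) != 32 or pubkey[-1] & 0x80:
        raise ValueError("DNSCurve keys are 32 bytes with the top bit clear")
    return MAGIC + b32_encode(pubkey)[:51]


def parse_ns_name(ns_target: str):
    """Public key if the NS target's first label advertises DNSCurve, else None."""
    label = ns_target.lower().split(".")[0]     # DNS labels are case-insensitive
    if len(label) != 54 or not label.startswith(MAGIC):
        return None                             # an ordinary name server
    return b32_decode(label[3:])
```

Running `parse_ns_name` on the NS target in the zone snippet above yields the 32-byte key, and `encode_pubkey_label` turns it back into the same label, which is the check a resolver or zone tool would apply before deciding to use DNSCurve for that server.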
The identity is used to establish keys for an authenticated encryption scheme consisting of Salsa20 and Poly1305. The cryptographic setup is called a cryptographic box, specifically {{code|crypto_box_curve25519xsalsa20poly1305}}.{{cite web |title=Public-key authenticated encryption: crypto_box |url=https://nacl.cr.yp.to/box.html |website=nacl.cr.yp.to|quote=crypto_box is curve25519xsalsa20poly1305, a particular combination of Curve25519, Salsa20, and Poly1305 specified in "Cryptography in NaCl". This function is conjectured to meet the standard notions of privacy and third-party unforgeability.}}
The cryptographic box used in DNSCurve is the same as the one used in CurveCP, a UDP-based protocol which is similar to TCP but uses elliptic-curve cryptography to encrypt and authenticate data. An analogy is that while DNSSEC is like signing a webpage with Pretty Good Privacy (PGP), CurveCP and DNSCurve are like encrypting and authenticating the channel using Transport Layer Security (TLS). Just as PGP-signed webpages can be sent over an encrypted channel using SSL, DNSSEC data can be protected using DNSCurve.{{cite web |title=CurveCP: Usable security for the Internet |url=http://curvecp.org |access-date=18 January 2024}}
Operation
The resolver first retrieves the server's public key from the NS record (see {{section link||Structure}} above).
The resolver then sends to the server a packet containing its DNSCurve public key, a 96-bit nonce, and a cryptographic box containing the query. The cryptographic box is created using the resolver's private key, the server's public key, and the nonce. The response from the server contains a different 96-bit nonce and its own cryptographic box containing the answer to the query.
Security
DNSCurve uses 256-bit elliptic-curve cryptography, which NIST estimates to be roughly equivalent to 3072-bit RSA.{{ cite web|url=https://www.keylength.com/en/4/|title=NIST Recommendations (2011)}} ECRYPT reports a similar equivalence.{{ cite web|url=https://www.ecrypt.eu.org/documents/D.SPA.17.pdf|title=ECRYPT II Yearly Report on Algorithms and Keysizes (2010-2011)|url-status=dead|archiveurl=https://web.archive.org/web/20120602083834/http://www.ecrypt.eu.org/documents/D.SPA.17.pdf|archivedate=2012-06-02}} It uses per-query public-key crypto (like SSH and SSL), and 96-bit nonces to protect against replay attacks. Adam Langley, security officer at Google, says "With very high probability, no one will ever solve a single instance of Curve25519 without a large, quantum computer."{{ cite web|url=http://www.quora.com/How-secure-is-djbs-Curve25519|title=Adam Langley on curve25519 security}}
Speed
Adam Langley has posted speed tests on his personal website showing Curve25519, used by DNSCurve, to be the fastest among elliptic curves tested.{{ cite web|url=https://www.imperialviolet.org/2010/12/21/eccspeed.html|title=Adam Langley: What a difference a prime makes}} According to the U.S. National Security Agency (NSA), elliptic curve cryptography offers vastly superior performance over RSA and Diffie–Hellman at a geometric rate as key sizes increase.{{cite web
|url=http://www.nsa.gov/business/programs/elliptic_curve.shtml
|title=The Case for Elliptic Curve Cryptography
|publisher=NSA
|accessdate=January 17, 2009
|url-status=dead
|archiveurl=https://web.archive.org/web/20090117023500/http://www.nsa.gov/business/programs/elliptic_curve.shtml
|archivedate=January 17, 2009
}}
Implementations
DNSCurve first gained recursive support in dnscache via a patch{{cite web
| url=http://shinobi.dempsky.org/~matthew/patches/djbdns-dnscurve-20090602.patch
| title=DNSCurve patch for dnscache
| url-status=dead
| archiveurl=https://archive.today/20121228005750/http://shinobi.dempsky.org/~matthew/patches/djbdns-dnscurve-20090602.patch
| archivedate=2012-12-28
}} by Matthew Dempsky. Dempsky also has a GitHub repository which includes Python DNS lookup tools and a forwarder in C.{{ cite web
| url=https://github.com/mdempsky/dnscurve
| title=Matthew Dempsky's DNSCurve repo on GitHub| website=GitHub| date=13 August 2019}} Adam Langley has a GitHub repository as well.{{ cite web
| url=https://github.com/agl/dnscurve
| title=Adam Langley's DNSCurve repo| website=GitHub| date=13 August 2019}} There is an authoritative forwarder called CurveDNS{{ cite web
| url=https://github.com/curvedns/curvedns
| title=CurveDNS: A DNSCurve Forwarding Name Server| website=GitHub}} which allows DNS administrators to protect existing installations without patching.
Jan Mojžíš has released curveprotect,{{cite web
| url=http://curveprotect.org/
| title=curveprotect, a complex collection of tools for protecting wide range of internet services
| access-date=2012-05-09
| archive-date=2013-05-26
| archive-url=https://web.archive.org/web/20130526043950/http://curveprotect.org/
| url-status=dead
}} a software suite which implements DNSCurve and CurveCP protection for common services like DNS, SSH, HTTP, and SMTP.
DNSCurve.io (2023) recommends two implementations: Jan Mojžíš's dqcache for recursive resolvers and CurveDNS for authoritative servers.{{cite web |title=DNSCurve.io - A Community for DNSCurve |url=https://dnscurve.io |website=dnscurve.io}}
Deployment
OpenDNS, which has 50 million users, announced support for DNSCurve on its recursive resolvers on February 23, 2010. In other words, its recursive resolvers now use DNSCurve when communicating with authoritative servers that support it.{{cite web
| url=http://blog.opendns.com/2010/02/23/opendns-dnscurve/
| title=OpenDNS adopts DNSCurve
| access-date=2010-04-13
| archive-date=2010-02-26
| archive-url=https://web.archive.org/web/20100226102021/http://blog.opendns.com/2010/02/23/opendns-dnscurve
| url-status=dead
}} On December 6, 2011, OpenDNS announced a new tool, called DNSCrypt.{{ cite web
| url=http://blog.opendns.com/2011/12/06/dnscrypt-–-critical-fundamental-and-about-time/
| title=OpenDNS unveils DNSCrypt
| url-status=dead
| archiveurl=https://web.archive.org/web/20130203105200/http://blog.opendns.com/2011/12/06/dnscrypt-%E2%80%93-critical-fundamental-and-about-time/
| archivedate=2013-02-03
}} DNSCrypt is based on similar cryptographic tools as DNSCurve, but instead protects the channel between OpenDNS and its users.{{cite web |url=http://ports.su/net/dnscrypt-proxy |title=net/dnscrypt-proxy: dnscrypt-proxy-1.4.3 – secure communications between a DNS client and resolver |work=OpenBSD ports |date=2015-01-06 |accessdate=2015-02-09}}
No equally large authoritative DNS providers have yet deployed DNSCurve.
See also
DNSCurve is intended to secure communication between a resolver and an authoritative server.
For securing communication between DNS clients and resolvers, there are several options:
- DNS over TLS, defined by two standards-track RFCs, RFC 7858 and RFC 8310
- DNS over HTTPS, standardized in RFC 8484
- DNSCrypt
Notes
{{reflist|30em}}
External links
- [https://dnscurve.org Official website]
- [https://dnscurve.io DNSCurve.io: a community for DNSCurve users]
- [https://cr.yp.to/talks/2009.06.27/slides.pdf High-speed cryptography and DNSCurve], a June 2009 presentation by the author
- [https://cr.yp.to/talks/2008.08.22/slides.pdf DNSCurve: Usable security for DNS], an August 2008 presentation by the author
- [http://tools.ietf.org/html/draft-dempsky-dnscurve-01 draft-dempsky-dnscurve-01] Proposed standard "DNSCurve: Link-Level Security for the Domain Name System", sent by M. Dempsky (from OpenDNS) to IETF (updated in February 2010)
- [http://blog.opendns.com/2010/02/23/opendns-dnscurve/ OpenDNS adopts DNSCurve] {{Webarchive|url=https://web.archive.org/web/20100226102021/http://blog.opendns.com/2010/02/23/opendns-dnscurve |date=2010-02-26 }}, official OpenDNS blog entry
- [https://github.com/curvedns/curvedns CurveDNS], DNSCurve forwarding name server
- [https://nacl.cr.yp.to/ NaCl], Networking and Cryptography library
{{DEFAULTSORT:Dnscurve}}