ss2DNS: A Secure DNS Scheme in Stage 2

Abstract: The absence of security and privacy measures between DNS recursive resolvers and authoritative nameservers has been exploited by both on-path and off-path attackers. Although numerous security proposals have been introduced in practice and in the literature, they often face deployability barriers and/or lack a compelling set of security and privacy properties, resulting in limited adoption. We introduce ss2DNS, a novel DNS scheme designed to mitigate the security and privacy vulnerabilities in the resolution process between resolvers and authoritative nameservers, while preserving efficiency by maintaining a single round-trip. ss2DNS takes advantage of a hierarchical trust model that does not rely on entities external to DNS zones, and delegates nameserver replicas within each zone to serve zone data securely for short, renewable time intervals. This design enables real-time security properties for DNS messages without requiring the duplication of long-term private keys on replicas, thereby minimizing exposure to compromise. We implement a proof of concept of ss2DNS for evaluation and show that for server-side processing latency, resolution time, and CPU usage, ss2DNS is comparable to less-secure schemes but significantly outperforms DNS-over-TLS.