Encrypted DNS From Pilot To Production (2022)

By Joe Crowe, Janardhan Bollineni, Charlie Helfinstine, Thomas Modayil Jacob; Comcast

The domain name system (DNS) is one of the most critical Internet services. It is often referred to as "the phonebook of the Internet": the DNS translates a human-readable fully qualified domain name (FQDN) into a network IP address, which in turn allows networked devices to communicate with one another and to deliver the content or services that applications expect. The DNS was first introduced in 1983 by Paul Mockapetris and has been one of the original IETF Internet Standards since 1986 (https://en.wikipedia.org/wiki/Domain_Name_System).

Since its inception, the DNS has been inherently insecure because DNS packets are transmitted in clear text over either the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP). There have been numerous initiatives to secure the DNS, notably the DNS Security Extensions (DNSSEC), which call on authoritative DNS operators to sign their zones and on caching (recursive) DNS operators to validate those signatures. While this protects the user against forged answers, it does not address the problem that requests and responses still travel in clear text.

More recently, encrypted DNS protocols have been deployed across the Internet, including, but not limited to, DNS over HTTPS (DoH), DNS over TLS (DoT), DNSCrypt, and, in the near future, DNS over QUIC (DoQ). Comcast is one of the first major ISPs to provide DoH and DoT to its customers and has also become a trusted recursive resolver for Mozilla's Firefox browser.
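The two preceding paragraphs make a point that is easy to state but worth seeing on the wire: a classic DNS query carries the queried name in readable bytes, DNSSEC signs answers but leaves that name exposed, and DoH/DoT change only the transport that carries the same message. The following is an added example (it is not code from the paper or from Comcast) that builds a DNS wire-format query for a constructed name, shows what a passive observer can read from the UDP/TCP payload, and then shows how the identical message is framed for DoH (the `GET /dns-query?dns=` form of RFC 8484) and for DoT (the two-byte length prefix of DNS over TCP, carried inside TLS on port 853 per RFC 7858). The TLS layer itself is not simulated; the point is that the DoH path and the DoT frame are what sit inside TLS, so the observer sees only ciphertext.

```python
import base64
import struct

QTYPE_A = 1
QCLASS_IN = 1


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 wire-format query (header + question)."""
    # Header: id, flags (only RD=1 set), qdcount=1, ancount/nscount/arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: sequence of length-prefixed labels terminated by a zero byte
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def observe_cleartext_qname(payload: bytes) -> str:
    """What an on-path observer recovers from a plain UDP/TCP DNS packet.

    No key, no special tooling: the name is just length-prefixed ASCII
    starting at offset 12. DNSSEC does not change this, since it signs
    answers rather than hiding questions.
    """
    pos = 12
    labels = []
    while True:
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def doh_get_path(query: bytes) -> str:
    """RFC 8484 GET form: the raw DNS message, base64url without padding."""
    return "/dns-query?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def doh_decode(path: str) -> bytes:
    """Server side of the GET form: restore padding and decode to wire format."""
    data = path.split("dns=", 1)[1]
    data += "=" * (-len(data) % 4)
    return base64.urlsafe_b64decode(data)


def dot_frame(query: bytes) -> bytes:
    """DoT (RFC 7858) reuses DNS-over-TCP framing: 2-byte big-endian length
    prefix, then the unchanged message, all sent inside a TLS session."""
    return struct.pack("!H", len(query)) + query


if __name__ == "__main__":
    # "example.com" is a constructed sample name for this demonstration.
    q = build_query("example.com")
    print("cleartext observer sees:", observe_cleartext_qname(q))
    print("DoH request path inside TLS:", doh_get_path(q))
    print("DoT frame inside TLS:", dot_frame(q).hex())
```

The DoH and DoT functions return the same 29-byte DNS message the cleartext path exposes; the difference between "exposed" and "protected" is entirely whether that message is written to a socket directly or inside a TLS session, which is why DNSSEC and encrypted transports are complementary rather than alternatives.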

