Analysis of Robust and Secure DNS Protocols for IoT Devices

Abdullah Aydeger, Sanzida Hoque, Engin Zeydan, Kapal Dev

TL;DR

This work addresses the challenge of securing DNS for resource-constrained IoT devices by implementing an edge DNS resolver as a VNF and systematically comparing DNSSEC, DoT, DoH, and DoT+DNSSEC in both cached and non-cached scenarios. Using BIND9 with multiple forwarders and DNSPerf across regional test domains, the study evaluates security benefits, latency, and network traffic, revealing a clear trade-off: stronger security generally incurs higher latency and overhead. DoH provides the strongest privacy and authentication signals but imposes the largest delay, while traditional DNS remains the fastest and offers no encryption. The findings offer a practical framework to guide consumers, manufacturers, and researchers in selecting DNS security protocols that balance security, performance, and resource use for IoT deployments, and outline future directions including edge-based optimizations and post-quantum considerations.
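A BIND 9.18+ named.conf fragment, added here as an illustration and not taken from the paper's setup, contrasting the plain forwarding resolver with a DoT+DNSSEC resolver of the kind the edge VNF above describes; the addresses are RFC 5737 documentation ranges and the upstream hostname is a placeholder.

```conf
// Added example (not the paper's configuration): an edge resolver in
// front of an IoT segment. 192.0.2.0/24 is the IoT-facing side and
// 198.51.100.53 / 203.0.113.53 stand in for the upstream forwarders.

// --- Baseline: the "traditional DNS" case ---
// Forwarding over plain port 53 with validation off is the fastest
// option, but every query and answer crosses the upstream link in
// cleartext and a forged answer is accepted as-is. To reproduce it,
// replace the forwarders and dnssec-validation lines below with:
//     forwarders { 198.51.100.53; 203.0.113.53; };
//     dnssec-validation no;

// --- DoT + DNSSEC ---
// Each upstream must present a certificate whose name matches
// remote-hostname and chains to ca-file, or the connection is refused.
tls upstream-dot {
    remote-hostname "dot.upstream.example";      // placeholder name
    ca-file "/etc/ssl/certs/ca-certificates.crt";
};

options {
    directory "/var/cache/bind";
    listen-on { 192.0.2.1; };           // resolver's IoT-facing address
    allow-query { 192.0.2.0/24; };      // only the local IoT segment may ask
    recursion yes;
    forward only;                       // never recurse past the forwarders

    // "port 853 tls <name>" on the statement applies to every listed
    // forwarder, so all queries leave the edge node encrypted.
    forwarders port 853 tls upstream-dot { 198.51.100.53; 203.0.113.53; };

    // Validate RRSIGs against the built-in root trust anchor: a forwarder
    // that tampers with a signed zone yields SERVFAIL, not a forged record.
    dnssec-validation auto;

    // Cached vs non-cached behaviour follows the answer TTLs; capping them
    // bounds how long a stale answer is served to the devices.
    max-cache-ttl 3600;
};
```

BIND's forwarders speak plain DNS or DoT only, so a DoH forwarding path needs a separate DoH-capable client on the edge node.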

Abstract

The DNS (Domain Name System) protocol has been in use since the early days of the Internet. Although DNS, as a de facto networking protocol, had no security considerations in its early years, many security enhancements have since been added, such as DNSSEC (Domain Name System Security Extensions), DoT (DNS over Transport Layer Security), DoH (DNS over HTTPS) and DoQ (DNS over QUIC). With all these security improvements, it is not yet clear which of them resource-constrained Internet-of-Things (IoT) devices should use for robustness. In this paper, we investigate different DNS security approaches using an edge DNS resolver implemented as a Virtual Network Function (VNF) to replicate each protocol's impact from an IoT perspective and compare their performance under different conditions. We present our results for cached and non-cached responses and evaluate the corresponding security benefits. Our results and framework can greatly help consumers, manufacturers, and the research community decide on and implement their DNS protocols depending on the given dynamic network conditions, enabling robust Internet access via DNS for different devices.

Paper Structure

This paper contains 14 sections, 2 figures, 2 tables.

Figures (2)

  • Figure 1: Illustration of various DNS Security Protocols.
  • Figure 2: Total Packet Sizes for Request and Response (bytes)