Design and implementation of client IP notification feature on DNS for proactive firewall system

Tomokazu Otsuka, Gada, Nariyoshi Yamai, Kiyohiko Okayama, Yong Jin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

The attempts of malicious access and attacks from the Internet to the internal computers of organizations never stop today and corresponding countermeasure for each technique is required. Most organizations introduce some firewall facilities as one of the solutions to protect their internal computers as well networks from those attacks. However, in most organizations, the network administrator has to deploy the policies on the firewall system manually based on the layer 3 and 4 information and only identified communication peers can be controlled by the policy-base firewall system. To solve these problems, we focused on the domain name resolution which happens prior to most TCP/IP communications and approach a new mechanism: adaptively investigable firewall system based on DNS query initiator by notifying the DNS query side client IP address to the target DNS server. In this paper, we mainly present the detail of design and implementation of the client IP address notification feature in the caching DNS server by embedding the subnet address as well as subnet mask of the query source client by practically using the DNS expanded standard (EDNS0).

Original languageEnglish
Title of host publicationProceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference Workshops, COMPSACW 2015
EditorsSheikh Iqbal Ahamed, Carl K. Chang, Ivica Crnkovic, Pao-Ann Hsiung, Jingwei Yang, Gang Huang, William Chu
PublisherIEEE Computer Society
Pages127-132
Number of pages6
ISBN (Electronic)9781467365635
DOIs
Publication statusPublished - Sep 21 2015
Event39th IEEE Annual Computer Software and Applications Conference Workshops, COMPSACW 2015 - Taichung, Taiwan, Province of China
Duration: Jul 1 2015Jul 5 2015

Publication series

NameProceedings - International Computer Software and Applications Conference
Volume3
ISSN (Print)0730-3157

Other

Other39th IEEE Annual Computer Software and Applications Conference Workshops, COMPSACW 2015
Country/TerritoryTaiwan, Province of China
CityTaichung
Period7/1/157/5/15

Keywords

  • Client IP Notification
  • DNS
  • Firewall
  • SDN

ASJC Scopus subject areas

  • Software
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'Design and implementation of client IP notification feature on DNS for proactive firewall system'. Together they form a unique fingerprint.

Cite this