Design and implementation of client IP notification feature on DNS for proactive firewall system

Tomokazu Otsuka, Gada, Nariyoshi Yamai, Kiyohiko Okayama, Yong Jin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

The attempts of malicious access and attacks from the Internet to the internal computers of organizations never stop today and corresponding countermeasure for each technique is required. Most organizations introduce some firewall facilities as one of the solutions to protect their internal computers as well networks from those attacks. However, in most organizations, the network administrator has to deploy the policies on the firewall system manually based on the layer 3 and 4 information and only identified communication peers can be controlled by the policy-base firewall system. To solve these problems, we focused on the domain name resolution which happens prior to most TCP/IP communications and approach a new mechanism: adaptively investigable firewall system based on DNS query initiator by notifying the DNS query side client IP address to the target DNS server. In this paper, we mainly present the detail of design and implementation of the client IP address notification feature in the caching DNS server by embedding the subnet address as well as subnet mask of the query source client by practically using the DNS expanded standard (EDNS0).

Original languageEnglish
Title of host publicationProceedings - International Computer Software and Applications Conference
PublisherIEEE Computer Society
Pages127-132
Number of pages6
Volume3
ISBN (Print)9781467365635
DOIs
Publication statusPublished - Sep 21 2015
Event39th IEEE Annual Computer Software and Applications Conference Workshops, COMPSACW 2015 - Taichung, Taiwan, Province of China
Duration: Jul 1 2015Jul 5 2015

Other

Other39th IEEE Annual Computer Software and Applications Conference Workshops, COMPSACW 2015
CountryTaiwan, Province of China
CityTaichung
Period7/1/157/5/15

Keywords

  • Client IP Notification
  • DNS
  • Firewall
  • SDN

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Fingerprint Dive into the research topics of 'Design and implementation of client IP notification feature on DNS for proactive firewall system'. Together they form a unique fingerprint.

  • Cite this

    Otsuka, T., Gada, Yamai, N., Okayama, K., & Jin, Y. (2015). Design and implementation of client IP notification feature on DNS for proactive firewall system. In Proceedings - International Computer Software and Applications Conference (Vol. 3, pp. 127-132). [7273340] IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2015.220