Cache Poisoning in DNS over HTTPS clients

University essay from KTH/Skolan för kemi, bioteknologi och hälsa (CBH)

Author: Emilia Blidborg; Caroline Gunnarsson; [2020]

Keywords: DNS over HTTPS; DoH; cache poisoning; RFC 8484; DNS security; DANE

Abstract: DNS over HTTPS (DoH) is a protocol used to send traditional DNS traffic over HTTPS. This causes the DNS name resolving traffic to be encrypted and transmitted over the same port as regular HTTPS traffic. This thesis maps a number of previous vulnerabilities in DNS and compares those risks with the DoH protocol and its implementation, mainly focusing on cache poisoning. A number of attacks from a DoH server to a DoH client are applied. The results show that it is possible to inject incorrect data into the DoH client's cache. The consequences of this can be extensive; an example is a redirect to a malicious webpage, which when using DoH can be difficult to detect because the DNS traffic is encrypted. Further work is needed to mitigate the security holes discovered, as well as to further identify potential threats.
