In this paper, we present the design, implementation, and analysis of DNS over CoAP (DoC), a new proposal for secure and privacy-friendly name resolution for constrained IoT devices. We implement different design choices of DoC in RIOT, an open-source operating system for the IoT, evaluate performance measures in a testbed, compare with DNS over UDP and DNS over DTLS, and validate our protocol design based on empirical DNS IoT data. Our findings indicate that plain DoC is on par with common DNS solutions for the constrained IoT but significantly outperforms them when additional CoAP standard features such as block-wise transfer or caching are used. With OSCORE for end-to-end security, we can save more than 10 kBytes of code memory compared to DTLS while enabling group communication without compromising the trust chain when using intermediate proxies or caches. We also discuss a scheme for very restricted links that compresses redundant or excessive information by up to 70%.
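To make concrete what "carrying DNS over CoAP" means on the wire, the following is an added example written for this page; it is not code from the paper or from RIOT. It assumes the encoding used by the DoC Internet-Draft as the author of this example understands it: a CoAP FETCH request to a `/dns` resource whose payload is a standard DNS wire-format message with Content-Format and Accept set to `application/dns-message` (assumed CoAP Content-Format id 553). The resource path, token, message id and the query name `example.org` are constructed sample values. The block builds the DNS query, wraps it in a CoAP request, parses the request back, and reports the framing overhead that a plain DoC message adds over DNS over UDP.

```python
import struct

# Constants (assumption: taken from the CoAP/FETCH/DoC specifications as understood by the
# author of this example, not from the paper above).
COAP_VERSION = 1
COAP_TYPE_CON = 0           # Confirmable message
COAP_CODE_FETCH = 0x05      # method code 0.05 = FETCH (RFC 8132); DoC uses FETCH (assumption)
OPT_URI_PATH = 11
OPT_CONTENT_FORMAT = 12
OPT_ACCEPT = 17
CF_DNS_MESSAGE = 553        # Content-Format id for application/dns-message (assumption)
PAYLOAD_MARKER = 0xFF


def build_dns_query(qname: str, qtype: int = 28, msg_id: int = 0) -> bytes:
    """Minimal DNS wire-format query: 12-byte header, one question, RD bit set.
    qtype 28 = AAAA. msg_id defaults to 0 because the CoAP token already
    correlates request and response (assumption about DoC practice)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)  # class IN


def _uint_option(value: int) -> bytes:
    """CoAP 'uint' option value: minimal big-endian bytes, zero encodes as empty."""
    return value.to_bytes(4, "big").lstrip(b"\x00")


def _nibble(n: int):
    """Split an option delta or length into its 4-bit nibble plus extension bytes."""
    if n < 13:
        return n, b""
    if n < 269:
        return 13, bytes([n - 13])
    return 14, struct.pack("!H", n - 269)


def _read_ext(msg: bytes, pos: int, n: int):
    """Inverse of _nibble: resolve a nibble (and its extension bytes) to a value."""
    if n == 13:
        return msg[pos] + 13, pos + 1
    if n == 14:
        return struct.unpack("!H", msg[pos:pos + 2])[0] + 269, pos + 2
    return n, pos


def encode_options(options) -> bytes:
    """Delta-encode a list of (number, value) CoAP options in ascending order."""
    out, last = bytearray(), 0
    for number, value in sorted(options, key=lambda o: o[0]):
        dn, dext = _nibble(number - last)
        ln, lext = _nibble(len(value))
        out.append((dn << 4) | ln)
        out += dext + lext + value
        last = number
    return bytes(out)


def build_doc_request(dns_msg: bytes, msg_id: int, token: bytes = b"\x01", path=("dns",)) -> bytes:
    """Wrap a DNS message in a CoAP FETCH request for the resolver's /dns resource."""
    hdr = bytes([(COAP_VERSION << 6) | (COAP_TYPE_CON << 4) | len(token), COAP_CODE_FETCH])
    hdr += struct.pack("!H", msg_id)
    cf = _uint_option(CF_DNS_MESSAGE)
    options = [(OPT_URI_PATH, seg.encode("ascii")) for seg in path]
    options += [(OPT_CONTENT_FORMAT, cf), (OPT_ACCEPT, cf)]
    return hdr + token + encode_options(options) + bytes([PAYLOAD_MARKER]) + dns_msg


def parse_coap(msg: bytes) -> dict:
    """Decode header, token, options and payload of a CoAP message."""
    tkl = msg[0] & 0x0F
    code, msg_id = msg[1], struct.unpack("!H", msg[2:4])[0]
    pos = 4 + tkl
    token = msg[4:pos]
    options, number = {}, 0
    while pos < len(msg) and msg[pos] != PAYLOAD_MARKER:
        dn, ln = msg[pos] >> 4, msg[pos] & 0x0F
        pos += 1
        delta, pos = _read_ext(msg, pos, dn)
        length, pos = _read_ext(msg, pos, ln)
        number += delta
        options.setdefault(number, []).append(msg[pos:pos + length])
        pos += length
    payload = msg[pos + 1:] if pos < len(msg) else b""
    return {"code": code, "msg_id": msg_id, "token": token, "options": options, "payload": payload}


def parse_dns_question(msg: bytes):
    """Return (qname, qtype, qclass) of the first question in a DNS message."""
    pos, labels = 12, []
    while True:
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass


def coap_overhead(doc_msg: bytes, dns_msg: bytes) -> int:
    """Bytes the CoAP framing adds on top of the bare DNS message."""
    return len(doc_msg) - len(dns_msg)


if __name__ == "__main__":
    query = build_dns_query("example.org")             # constructed sample query
    request = build_doc_request(query, msg_id=0x1234)   # constructed sample message id
    print(request.hex())
    print("CoAP framing overhead:", coap_overhead(request, query), "bytes")
```

Running the block prints the request as hex and reports a 16-byte framing overhead for this message (4-byte header, 1-byte token, 10 bytes of options, 1-byte payload marker). That per-message cost is the baseline a DoC deployment pays over DNS over UDP before any of the features the abstract credits with the gains (block-wise transfer, caching, OSCORE) come into play.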