Abdullah Aydeger, Sanzida Hoque, and Engin Zeydan
Challenges of DNS in the Post-Quantum Era: Improving Security with Post-Quantum TLS
The Domain Name System (DNS), an important component of the Internet infrastructure, is vulnerable to various attacks that can jeopardize the security and privacy of Internet communications. While DNS over TLS (DoT) is widely used to improve DNS security, the advent of quantum computing poses a significant threat to the underlying cryptographic algorithms used in TLS. In this paper, we propose a comprehensive framework for DNS over Post-Quantum TLS (DoPQT) to address this challenge. Our framework integrates post-quantum cryptographic algorithms into DoT, ensuring robust security against both classical and quantum attacks. We introduce a hybrid key exchange mechanism and post-quantum authentication procedures to protect the confidentiality, integrity, and authenticity of DNS traffic. DoPQT has the potential to offer comparable performance to existing solutions while demonstrating superior quantum resistance. This research contributes to the development of a secure and resilient DNS infrastructure in the post-quantum era. We observe that the handshake process is the part most affected by increased DNS queries and is the main source of the bottleneck. The percentage loss in throughput when using the PQC algorithm (i.e., ML-KEM) is about 33-40% for different DNS queries.
Reference:
DOI: 10.36244/ICJ.2025.3.2
Please cite this paper the following way:
Abdullah Aydeger, Sanzida Hoque, and Engin Zeydan, "Challenges of DNS in the Post-Quantum Era: Improving Security with Post-Quantum TLS", Infocommunications Journal, Vol. XVII, No 3, September 2025, pp. 11-21, https://doi.org/10.36244/ICJ.2025.3.2

