以網域名稱系統為通道進行網路電話通訊之設計

網域名稱系統(Domain Name System，簡稱DNS)在現代網路已是一項重要的基礎服務，並廣於部署在每一個網路中。一般網路使用者常會利用DNS進行查詢，將網域名稱正解為網路位址，通常是IP位址；或者將網路位址反解為網域名稱。但DNS可提供的功能並不僅僅於此，許多與網站有關的情報，是DNS有能力提供的。因此，藉由DNS的高利用性、以及具有雙向通訊的特點，我們嘗試尋找其他可透過DNS實做的應用。　　DNS通道(DNS Tunneling)的概念已被駭客們經由實做，用於討論一般人們對於DNS預期之外的使用方式、以及探究DNS本身設計中可能出現的弱點。不少實做都被設計為經由DNS來傳輸IP封包的應用，並廣於使用在受限制的網路環境中。然而，在不同的網路環境中，該環境所提供DNS的服務功能常有不同，使得DNS通道的概念可能無法在某些情況下使用。　　我們認為網際網路電話(Voice over IP，簡稱VoIP)服務近年來已逐漸成為熱門的服務，並且有機會將之與DNS服務結合，讓音訊能夠在多樣的網路環境中、尤其是在公共無線網路的環境，透過DNS通道進型傳輸。本論文將介紹專用的DNS通道設計，並在受限的方法中，經由DNS進行高效能的音訊傳輸。

關鍵字

DNS通道；加密流量

並列摘要

Domain Name System (DNS) is an essential service in Internet. It has been widely deployed in almost every network. We usually use DNS to resolve hostnames and IP addresses, but the functionality of DNS is not limited to resolution between name and address. There is various host information that DNS can provide. As its high availability and bidirectional communication characteristic, we consider other practical applications of DNS. The concept of DNS tunneling has been implemented by hackers to discuss exceptional usages and vulnerabilities in the design of DNS. Many implementations were designed to transmit IP packets over DNS, and widely used in restricted network environments. However, in some situations the capabilities of DNS service may differ drastically and DNS tunneling may become useless. In this thesis, we consider Voice over Internet Protocol (VoIP) which has recently become a popular service. We study the technical issues in transmitting VoIP traffic over DNS in various network environments, especially in Public Wireless LAN. This thesis introduces a dedicated DNS tunneling design and shows the voice traffic can be transmitted in a strict manner with high performance.