Holes in the Geofence: Privacy Vulnerabilities in “Smart” DNS Services

Smart DNS (SDNS) services advertise access to "geofenced" content (typically, video streaming sites such as Netflix or Hulu) that is normally inaccessible unless the client is within a prescribed geographic region. SDNS is simple to use and involves no software installation. Instead, it requires only that users modify their DNS settings to point to an SDNS resolver. The SDNS resolver "smartly" identifies geofenced domains and, in lieu of their proper DNS resolutions, returns IP addresses of proxy servers located within the geofence. These servers then transparently proxy traffic between the users and their intended destinations, allowing for the bypass of these geographic restrictions. This paper presents the first academic study of SDNS services. We identify a number of serious and pervasive privacy vulnerabilities that expose information about the users of these systems. These include architectural weaknesses that enable content providers to identify which requesting clients use SDNS. Worse, we identify flaws in the design of some SDNS services that allow any arbitrary third party to enumerate these services' users (by IP address), even if said users are currently offline. We present mitigation strategies to these attacks that have been adopted by at least one SDNS provider in response to our findings.
