Oblivious DNS: Practical Privacy for DNS Queries

Abstract

Virtually every Internet communication typically involves a Domain Name System (DNS) lookup for the destination server that the client wants to communicate with. Operators of DNS recursive resolvers—the machines that receive a client’s query for a domain name and resolve it to a corresponding IP address—can learn significant information about client activity. Past work, for example, indicates that DNS queries reveal information ranging from web browsing activity to the types of devices that a user has in their home. Recognizing the privacy vulnerabilities associated with DNS queries, various third parties have created alternate DNS services that obscure a user’s DNS queries from his or her Internet service provider. Yet, these systems merely transfer trust to a different third party. We argue that no single party ought to be able to associate DNS queries with a client IP address that issues those queries. To this end, we present Oblivious DNS (ODNS), which introduces an additional layer of obfuscation between clients and their queries. To do so, ODNS uses its own authoritative namespace; the authoritative servers for the ODNS namespace act as recursive resolvers for the DNS queries that they receive, but they never see the IP addresses for the clients that initiated these queries. We present an initial deployment of ODNS; our experiments show that ODNS introduces minimal performance overhead, both for individual queries and for web page loads. We design ODNS to be compatible with existing DNS protocols and infrastructure, and we are actively working on an open standard with the IETF.
