Noise Lab

News from the University of Chicago Network Operations and Internet Security Lab (https://noise.cs.uchicago.edu/)

Oblivious DNS Deployed by Cloudflare and Apple

Dec 9, 2020 · 5 min read

Over the past several years, our research group has been exposing the various privacy risks of Domain Name System (DNS) traffic and developing mechanisms to improve DNS privacy.

Briefly, the DNS is the Internet protocol that maps a domain name like uchicago.edu to an Internet address, such as 34.200.129.209. Over the years the DNS has been used for many purposes beyond simple name lookups. For example, it has been used to implement so-called DNS-based blocklists, which are critical to fighting spam and malware; additionally, monitoring DNS traffic itself has become critical to many aspects of Internet security, since queries to domains associated with malware are often the first indication that a host on a network has been compromised.

Unfortunately, the DNS also carries privacy risks. In 2016, we demonstrated that DNS queries can reveal information about the devices connected in your home. In 2017, we showed how DNS queries could allow an observer to determine which websites a user was visiting, even if the user was using a VPN or Tor. In particular, our research found that 40% of Tor's exit nodes by bandwidth were using Google Public DNS to resolve their queries, thus giving Google significant visibility into the traffic on the Tor network, across all users.

DNS queries are often specific to a device (many devices contact vendor-specific domains), so they can allow an observer to determine which devices are connected to a particular network.

Since discovering these privacy threats, various stakeholders have suggested that changing the party that resolves DNS queries (the so-called "local recursive resolver") could improve privacy. However, changing the local recursive resolver, say from the ISP's default resolver to a public DNS resolver such as those operated by Google or Cloudflare, doesn't solve the problem: whichever resolver receives the query still sees both the client's IP address and the name being looked up. It only changes the party one has to trust, from the Internet service provider to the operator of the public resolver.

In 2018, we (Paul Schmitt, Anne Edmundson, Allison Mankin, and I) figured there might be a way around this, if there were some way for a resolver to resolve a DNS query without knowing who (or, specifically, which IP address) issued the query. To achieve this goal, we designed and implemented Oblivious DNS. Oblivious DNS decouples the DNS query and response…
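The post is cut off before it describes the mechanism, so the following is an added example, not code from the original post or from the ODNS project. It models the information flow of the published ODNS design (Schmitt, Edmundson, Mankin, and Feamster): the client's stub resolver encrypts the query name under a fresh session key, wraps that session key for the ODNS authoritative server, and sends the ciphertext as labels under a `.odns` zone through an ordinary recursive resolver. The recursive resolver sees the client's IP address but only an encrypted name; it forwards the query from its own address to the ODNS server, which decrypts and resolves the name but sees only the recursive resolver's IP. Running the same lookup in "plain" mode shows the point made earlier about switching resolvers: whichever recursive resolver you pick sees both the client IP and the name. Everything below other than that design outline is an assumption of the example: the pre-shared `WRAP_KEY` stands in for the ODNS server's public key, `encrypt`/`decrypt` are a toy HMAC-SHA256 stream cipher so the script runs with the standard library only, the label layout in `pack_labels` is the example's own, and `ZONE` and the IP addresses are constructed.

```python
"""Toy model of the Oblivious DNS (ODNS) information flow (added example)."""
import base64
import hashlib
import hmac
import secrets

ODNS_SUFFIX = ".odns"
NONCE_LEN = 16
WRAPPED_LEN = NONCE_LEN + 32  # nonce + 32-byte session key

# ASSUMPTION: a pre-shared wrapping key stands in for the ODNS server's public key.
WRAP_KEY = secrets.token_bytes(32)

# Constructed zone data standing in for the real DNS.
ZONE = {"uchicago.edu": "34.200.129.209", "example.com": "93.184.216.34"}


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key, data):
    """Toy unauthenticated stream cipher (HMAC-SHA256 keystream XOR); not for real use."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def pack_labels(*parts):
    """Base32-encode wrapped key + encrypted name into DNS labels of at most 63 chars."""
    b32 = base64.b32encode(b"".join(parts)).decode().rstrip("=").lower()
    return ".".join(b32[i:i + 63] for i in range(0, len(b32), 63)) + ODNS_SUFFIX


def unpack_labels(qname):
    b32 = qname[:-len(ODNS_SUFFIX)].replace(".", "")
    data = base64.b32decode(b32 + "=" * (-len(b32) % 8), casefold=True)
    return data[:WRAPPED_LEN], data[WRAPPED_LEN:]


class Party:
    """Every party records (source IP, query name) for whatever reaches it."""
    def __init__(self, ip):
        self.ip, self.observed = ip, []


class ODNSServer(Party):
    """Authoritative for .odns: unwraps the session key, resolves, encrypts the answer."""
    def handle(self, src_ip, qname):
        self.observed.append((src_ip, qname))
        wrapped, ct = unpack_labels(qname)
        session_key = decrypt(WRAP_KEY, wrapped)
        name = decrypt(session_key, ct).decode()
        self.observed.append((src_ip, name))  # the plaintext it learns, tied to src_ip only
        return encrypt(session_key, ZONE.get(name, "NXDOMAIN").encode())


class Recursive(Party):
    """Ordinary recursive resolver that knows only which server is authoritative for .odns."""
    def __init__(self, ip, odns):
        super().__init__(ip)
        self.odns = odns

    def resolve(self, src_ip, qname):
        self.observed.append((src_ip, qname))
        if qname.endswith(ODNS_SUFFIX):
            return self.odns.handle(self.ip, qname)  # forwarded from its own IP: client IP stops here
        return ZONE.get(qname, "NXDOMAIN").encode()  # conventional DNS: name in the clear


class Stub(Party):
    """Client-side stub resolver."""
    def query(self, recursive, name):
        session_key = secrets.token_bytes(32)
        qname = pack_labels(encrypt(WRAP_KEY, session_key), encrypt(session_key, name.encode()))
        return decrypt(session_key, recursive.resolve(self.ip, qname)).decode()


def run(name="uchicago.edu", oblivious=True):
    """Resolve `name` and return the answer plus what each party observed (constructed IPs)."""
    odns = ODNSServer("203.0.113.10")
    recursive = Recursive("198.51.100.53", odns)
    stub = Stub("192.0.2.7")
    answer = stub.query(recursive, name) if oblivious else recursive.resolve(stub.ip, name).decode()
    return {"answer": answer, "recursive_saw": recursive.observed, "odns_saw": odns.observed}


def links_client_to_name(observed, client_ip, name):
    """True if a single log entry pairs the client's IP with the plaintext name."""
    return any(ip == client_ip and q == name for ip, q in observed)


if __name__ == "__main__":
    for mode in (False, True):
        r = run(oblivious=mode)
        print("oblivious" if mode else "plain", r["answer"], r["recursive_saw"], r["odns_saw"])
```

In plain mode the recursive resolver's log pairs `192.0.2.7` with `uchicago.edu`; in oblivious mode no single party's log does, yet the client still gets the right answer. The toy cipher has no integrity protection and a deliberately tiny key-wrapping story; the real design uses the ODNS server's public key for the session key, and the argument here is only about who sees what.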


Written by Nick Feamster

Neubauer Professor of Computer Science, University of Chicago. The Internet, research, running, & life. https://people.cs.uchicago.edu/~feamster/