Abstract

The Domain Name Service (DNS) is the most widely deployed Internet service. Stark in its simplicity, it maps host names to routable IP addresses. Replacing a collection of names mapped to IP addresses stored in a disk file, modern DNS is now a scalable, hierarchical, decentralized, and world-wide naming system for Internet resources. Because of its ubiquity and importance, as well as the fact that queries are performed in cleartext, DNS remains an attractive target for malicious and benign actors. But the rising interest in privacy driven by pervasive monitoring and the commodification of personal data has triggered the need for encryption in key Internet protocols, including DNS. DNS is evolving to increasingly support confidentiality and privacy; DNS over TLS (DoT) and DNS over HTTPS (DoH) have been standardized with encryption between the user and DNS server. While these protocols appear to preserve user privacy, unintended consequences within the DNS ecosystem still exist. We explore the effects of encrypted DNS on the privacy of individuals, and ascertain whether these protocols and their operational reality have achieved the goal of increased user privacy. Further, we examine privacy policies of twelve public DNS providers in the context of select articles from the EU General Data Protection Regulation (GDPR) legislation. Finally, we examine the important role standards bodies, regulatory agencies, and non-government organizations (NGOs) can play to ensure continued user privacy even as the DNS protocol continues to evolve. We propose approaches that address the unique privacy attributes of DNS: mostly invisible to the user, yet offering operators of DNS resolver services uniquely detailed visibility into user behavior.
