TY - GEN
T1 - Oblivious DNS over HTTPS (ODoH)
T2 - a practical privacy enhancement to DNS
AU - Singanamalla, Sudheesh
AU - Chunhapanya, Suphanat
AU - Hoyland, Jonathan
AU - Vavruša, Marek
AU - Verma, Tanya
AU - Wu, Peter
AU - Fayed, Marwan
AU - Heimerl, Kurtis
AU - Sullivan, Nick
AU - Wood, Christopher
PY - 2021
Y1 - 2021
N2 - Abstract: The Internet’s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols’ performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.
AB - Abstract: The Internet’s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols’ performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.
U2 - 10.2478/popets-2021-0085
DO - 10.2478/popets-2021-0085
M3 - Conference contribution
VL - 4
SP - 575
EP - 592
BT - Proceedings on Privacy Enhancing Technologies (PoPETs)
ER -