Privacy in the DNS. DoT and DoH.

By Carlos Marcelo Martinez Cagnazzo

Elevator Pitch

Privacy in the Domain Name System has become a hot topic recently. From Internet governance and operations all the way to new protocol design, this concern has spurred activity.

Description

Privacy in the Domain Name System has become a hot topic recently. From Internet governance and operations all the way to new protocol design, this concern has spurred activity.

The DNS has long suffered from protocol-level weaknesses like cache-poisoning attacks and potential denial-of-service situations. However, most of these have been addressed by the now-established (although sadly not yet fully deployed) DNSSEC set of cryptographic tools.

Privacy concerns, however, are latecomers. Only in the last few years has the global Internet community come to realize that, although the contents of a DNS zone are public, the relationship between the originating client and its queries should probably not be.

The names we query the DNS for can reveal a lot and could give an adversary the opportunity to infer users’ online behaviours.

This presentation aims to bring the topic of DNS privacy to a wider audience and to go over the proposed solutions.

Notes

This talk currently covers only privacy, but DNSSEC could be added. It could also become a 2- or 3-hour tutorial that includes deploying DoT and DoH servers.