BCP 232

A Best Current Practices document for operators of DNS privacy services had been developed in the IETF.  (Thanks to the Open Technology Fund for supporting the work on this by dnspivacy.org)

The document is available here: BCP232

It includes sections on:

  • Recommendations for threat mitigations
    • One the wire (i.e. stub to resolver)
    • Data at rest (e.g. logs of traffic)
    • Data sent upstream (queries and data shared with third parties)
  • Content for a DNS Privacy Policy and Practice Statement
  • A review of existing pseudonymization and anonymization techniques for IP adresses
  • A comparison of the policies and practice of Google PublicDNS, Cloudflare, Quad9 and OpenDNS

Some of the research that was done as background for this draft is also published here:

European Resolver Policy

Also see the work done by the EDDI in developing the European Resolver Policy which is heavily based on BCP 232.