There is work underway to develop a Best Current Practices document for operators of DNS privacy services. At the moment the document is submitted to the IEFT for initial review, but it may move to another forum in future such as the RIPE BCOP task force. (Thanks to the Open Technology Fund for supporting the work on this by dnspivacy.org)

The document is available here:
https://datatracker.ietf.org/doc/draft-dickinson-dprive-bcp-op/

It includes sections on:

  • Recommendations for threat mitigations
    • One the wire (i.e. stub to resolver)
    • Data at rest (e.g. logs of traffic)
    • Data sent upstream (queries and data shared with third parties)
  • Content for a DNS Privacy Policy and Practice Statement
  • A review of existing pseudonymization and anonymization techniques for IP adresses
  • A comparison of the policies and practice of Google PublicDNS, Cloudflare, Quad9 and OpenDNS


Some of the research that was done as background for this draft is also published here:



  • No labels