Why is DNS a privacy concern?
The DNS is one of the most significant leaks of data about an individual's activity on the Internet.
Some of the issues in simple terms:
- Almost every activity on the Internet starts with a DNS query (and often several). A key function of the DNS is to map human-readable names (e.g. example.com) to the IP addresses that computers need in order to connect to each other.
- Those queries can reveal not only which websites an individual visits but also metadata about other services, such as the domains of email contacts or chat services.
- Whilst the data in the DNS is public, individual transactions made by an end user should not be public.
- However, DNS queries are sent in clear text (over UDP or TCP, port 53), which means a passive eavesdropper anywhere on the path can observe every DNS lookup performed.
- The DNS is a globally distributed system that crosses international boundaries and often uses servers in many different countries in order to provide resilience.
- It is well known that the NSA used the MORECOWBELL and QUANTUMDNS tools to perform covert monitoring, mass surveillance and hijacking of DNS traffic.
- Some ISPs log DNS queries at the resolver and share this information with third-parties in ways not known or obvious to end users.
- Some ISPs embed user information (e.g. a user ID or MAC address) within DNS queries that go to the ISP's resolver in order to provide services such as parental filtering. This allows individual users to be fingerprinted.
- Some resolvers embed client subnet information (the EDNS Client Subnet option, RFC 7871) in the queries they forward to authoritative servers, largely so that CDNs can geo-locate end users. This allows queries at the authoritative server to be correlated with particular subnets.
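To make the clear-text and client-subnet points concrete, here is an added example (not code from the original page or from the DNS Privacy Project) that builds a wire-format DNS query, optionally carrying an EDNS Client Subnet option as a forwarding resolver would add it, and then parses it the way a passive observer on the path would: the queried name, record type and client subnet are all readable. The query name, transaction ID and subnet 203.0.113.77/24 are constructed sample values; `send_over_tls` shows the same message carried over DNS-over-TLS (RFC 7858) and needs network access, so it is not called by default.

```python
"""Cleartext DNS queries as an eavesdropper sees them, versus DNS-over-TLS transport."""
import ipaddress
import socket
import ssl
import struct

OPT_RR_TYPE = 41   # EDNS0 OPT pseudo-record (RFC 6891)
ECS_OPTION_CODE = 8  # EDNS Client Subnet (RFC 7871)


def encode_name(name):
    """DNS wire-format name: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Read an uncompressed name at msg[off]; returns (name, new offset)."""
    labels = []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers never appear in a query's names
            raise ValueError("compression pointer not supported in this example")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", off


def build_query(qname, qtype=1, txid=0x1234, ecs=None):
    """Build a query. ecs=(address, prefix_len) adds an ECS option in the
    additional section, as a resolver does when forwarding upstream."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if ecs else 0)
    msg = header + encode_name(qname) + struct.pack("!HH", qtype, 1)
    if ecs:
        addr, plen = ecs
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)  # host bits truncated
        family = 1 if net.version == 4 else 2
        opt_data = struct.pack("!HBB", family, plen, 0) + net.network_address.packed[:(plen + 7) // 8]
        rdata = struct.pack("!HH", ECS_OPTION_CODE, len(opt_data)) + opt_data
        # OPT RR: root name, type 41, "class" = UDP payload size, ttl = ext-rcode/version/flags
        msg += b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(rdata)) + rdata
    return msg


def parse_ecs(rdata):
    """Return 'address/prefix' from an OPT RDATA that carries ECS, else None."""
    off = 0
    while off + 4 <= len(rdata):
        code, length = struct.unpack("!HH", rdata[off:off + 4])
        off += 4
        data = rdata[off:off + length]
        off += length
        if code == ECS_OPTION_CODE:
            family, src_plen, _scope = struct.unpack("!HBB", data[:4])
            size = 4 if family == 1 else 16
            addr = ipaddress.ip_address(data[4:] + b"\x00" * (size - len(data[4:])))
            return f"{addr}/{src_plen}"
    return None


def eavesdrop(msg):
    """Everything a passive observer recovers from one cleartext query."""
    txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    seen = {"txid": txid, "questions": [], "client_subnet": None}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        seen["questions"].append((name, qtype))
    for _ in range(an + ns + ar):  # a query carries only the OPT RR here
        _name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == OPT_RR_TYPE:
            seen["client_subnet"] = parse_ecs(msg[off:off + rdlen])
        off += rdlen
    return seen


def send_over_tls(msg, server_ip, auth_name, port=853, timeout=5):
    """Same message over DNS-over-TLS: two-byte length framing inside a TLS
    session whose certificate is verified against auth_name. Needs a network."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(struct.pack("!H", len(msg)) + msg)
            buf = b""
            while len(buf) < 2:
                buf += tls.recv(2 - len(buf))
            (length,) = struct.unpack("!H", buf)
            resp = b""
            while len(resp) < length:
                chunk = tls.recv(length - len(resp))
                if not chunk:
                    raise ConnectionError("short read from DoT server")
                resp += chunk
            return resp


if __name__ == "__main__":
    query = build_query("mail.example.com", ecs=("203.0.113.77", 24))
    print(eavesdrop(query))  # name, type and the /24 are all visible on the wire
```

Run as-is to see the observer's view of the constructed query; to try the encrypted path, call `send_over_tls(query, <server IP>, <authentication name>)` against a DNS-over-TLS server you trust. Note that the ECS example uses a /24: the subnet is still sent to the authoritative server even when the resolver-to-authoritative hop is unencrypted, which is why the source prefix length is the setting to scrutinise on a resolver.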
An overview of the problems is given in this Tutorial: DNS Privacy Tutorial.
For an expert review of this topic recommended reading is DNS Privacy Considerations.
At the moment only a handful of experimental DNS servers support DNS-over-TLS, and no desktop or mobile operating system supports DNS-over-TLS as a built-in option yet. (Many users have resorted to using Google Public DNS on 8.8.8.8 to bypass their local ISP for censorship/surveillance reasons, but sadly it doesn't support DNS-over-TLS yet.) Work is in progress on building apps (e.g. Stubby) for end users that will enable them to choose to use DNS-over-TLS and to select the specific DNS server they want to use.
It is possible that in future a different transport might be used for DNS (e.g. HTTPS or QUIC), but today the only encrypted transport standardized by the IETF is DNS-over-TLS (RFC 7858).
Unfortunately the Server Name Indication (SNI) extension, sent in clear text in the TLS handshake of an HTTPS connection, also reveals the name of the website contacted by the user, so it provides a similar leakage channel for web traffic as the DNS queries do. However, there is work underway to try to encrypt that information too.