Encryption without centralization: distributing DNS queries across recursive resolvers

Authors: Austin Hounsel, Paul Schmitt, Kevin Borgolte, Nick Feamster
Venue: Proceedings of the Applied Networking Research Workshop

Emerging protocols such as DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) improve the privacy of DNS queries and responses. While this trend towards encryption is positive, deployment of these protocols has in some cases resulted in further centralization of the DNS, which introduces new challenges. In particular, centralization has consequences for performance, privacy, and availability; a potentially greater concern is that it has become more difficult to control the choice of DNS recursive…

dnscrypt-proxy 2: A flexible DNS proxy, with support for encrypted DNS protocols
  • 2021
A safer and more private browsing experience with Secure DNS
  • 2020
Association for Computing Machinery
  • Proceedings of the 2020 Internet Measurement Conference (IMC) (Virtual Event
  • 2020
Clouding up the Internet: how centralized is DNS traffic becoming?
DNS and computing centralization is measured by analyzing DNS traffic collected at a DNS root server and two country-code top-level domains and shows one positive side to centralization: once a cloud provider deploys a security feature -- such as QNAME minimization -- it quickly benefits a large number of users.
Comparing the Effects of DNS, DoT, and DoH on Web Performance
This paper measures the effect of Do53, DoT, and DoH on query response times and page load times from five global vantage points and provides several recommendations to improve DNS performance, such as opportunistic partial responses and wire format caching.
Firefox continues push to bring DNS over HTTPS by default for US users
  • 2020
K-resolver: Towards Decentralizing Encrypted DNS Resolution
K-resolver is proposed, a DNS resolution mechanism that disperses DNS queries across multiple DoH resolvers, reducing the amount of information about a user's browsing activity exposed to each individual resolver.
Putting DNS in Context
  • M. Allman
  • Computer Science
  • Internet Measurement Conference
  • 2020
This paper studies the Domain Name System in context with data from a residential ISP and finds that a majority of application transactions incur no direct DNS costs and for those that do the cost is minimal.
An Empirical Study of the Cost of DNS-over-HTTPS
It is found that overheads incurred by the additional layers of the DoH transport only have limited impact on page load times, suggesting that it is possible to obtain the improved security of DoH with only marginal performance impact.
DNS Observatory: The Big Picture of the DNS
DNS Observatory is introduced: a new stream analytics platform that provides a bird's-eye view on the DNS, and examines how DNS TTL adjustments can impact query volumes, anticipate upcoming changes to DNS infrastructure, and how negative caching TTLs affect the Happy Eyeballs algorithm.