Analyzing and Mitigating Privacy with the DNS Root Service

Hardaker, Wes
USC/Information Sciences Institute


Wes Hardaker 2018. Analyzing and Mitigating Privacy with the DNS Root Service. Proceedings of the ISOC NDSS Workshop on DNS Privacy (San Diego, California, USA, Feb. 2018).


Processing of every DNS request starts at the root of the DNS tree and either makes use of cached data from previous requests or traverses the DNS tree for the missing information. When QNAME minimization is not in use, queries forwarded to the parent nodes in the DNS tree may leak private DNS query data. In this paper we examine 31 days of queries, collected during the month of January 2017, sent from two recursive resolvers placed in two residential networks to the DNS root server operated by USC/ISI, analyzing the leaked QNAMEs for their impact on the networks' privacy. We then compare a few DNS privacy-preserving techniques against the privacy analysis of these networks. Finally, we introduce a new solution called “LocalRoot” that enables users to entirely mitigate privacy concerns when interacting with the DNS root server system, while other solutions fail to completely protect users from all privacy analysis methods.


  author = {Hardaker, Wes},
  title = {Analyzing and Mitigating Privacy with the {DNS} Root Service},
  booktitle = {Proceedings of the {ISOC} {NDSS} Workshop on {DNS} Privacy},
  year = {2018},
  myorganization = {USC/Information Sciences Institute},
  sortdate = {2018-02-18},
  project = {ant, earr, researchroot, nipet},
  month = feb,
  address = {San Diego, California, USA},
  publisher = {The Internet Society},
  location = {johnh: pafile},
  keywords = {dns, privacy, data leak, PII},
  pdfurl = {}