Enumerating Privacy Leaks in DNS Data Collected Above the Recursive

Imana, Basileal and Korolova, Aleksandra and Heidemann, John
USC/Information Sciences Institute


Basileal Imana, Aleksandra Korolova and John Heidemann 2018. Enumerating Privacy Leaks in DNS Data Collected Above the Recursive. Proceedings of the ISOC NDSS Workshop on DNS Privacy (San Diego, California, USA, Feb. 2018). [PDF] [Dataset]


As with any information system consisting of data derived from people’s actions, DNS data is vulnerable to privacy risks. In DNS, users make queries through recursive resolvers to authoritative servers. Data collected below (or in) the recursive resolver directly exposes users, so most prior DNS data sharing focuses on queries above the recursive resolver. Data collected above a recursive resolver has largely been seen as posing a minimal privacy risk since recursive resolvers typically aggregate traffic for many users, thereby hiding their identity and mixing their traffic. Although this assumption is widely made, to our knowledge it has not been verified. In this paper we re-examine this assumption for DNS traffic above the recursive resolver. First, we show that two kinds of information appear in query names above the recursive resolver: IP addresses and sensitive domain names, such as those pertaining to health, politics, or personal or lifestyle information. Second, we examine how often these classes of potentially sensitive names appear in Root DNS traffic, using 48 hours of B-Root data from April 2017.


  author = {Imana, Basileal and Korolova, Aleksandra and Heidemann, John},
  title = {Enumerating Privacy Leaks in {DNS} Data
                    Collected Above the Recursive},
  booktitle = {Proceedings of the  {ISOC} {NDSS} Workshop on {DNS} Privacy },
  year = {2018},
  myorganization = {USC/Information Sciences Institute},
  sortdate = {2018-02-18},
  project = {ant, earr, retrofuturebridge, lacrend, researchroot, nipet},
  month = feb,
  address = {San Diego, California, USA},
  publisher = {The Internet Society},
  jlocation = {johnh: pafile},
  keywords = {dns, privacy, data leak, PII},
  url = {https://ant.isi.edu/%7ejohnh/PAPERS/Imana18a.html},
  pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Imana18a.pdf},
  talkurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Imana18a_talk.pdf},
  dataseturl = {https://ant.isi.edu/datasets/readmes/DITL_B_Root-20170411.README.txt},
  blogurl = {https://ant.isi.edu/blog/?p=1158},
  icon = {Imana18a_icon.png}