[dns-operations] resolvers considered harmful

Mark Allman mallman at icir.org
Thu Oct 23 19:29:02 UTC 2014


> The biggest problem I have with this paper is of terminology. 

No- I don't want every app to build in a resolver.  Madness!

Think of it as a change under-the-hood to gethostbyname().  Same
interface to the applications.  But, underneath it doesn't go query
whatever is in /etc/resolv.conf, but rather just walks the tree itself
(to the extent needed, based on the cache).

> Then, when it comes to privacy (the biggest problem with your
> proposal), I strongly disagree with the way you get rid of the
> problems by saying "we note that many users are willing to use open
> shared resolvers (e.g., Google DNS) and are therefore comfortable with
> directly attributable DNS requests arriving at a large third-party
> network". This is propaganda, not science. Users use Google Public DNS
> because their ISP's resolver is broken or slow, or because the ISP
> censors <http://www.bortzmeyer.org/dns-routing-hijack-turkey.html> or
> because the IP address is cool or simply because they feel that it's
> Google so it must be nice. They never perform an assessment of the
> public resolver privacy policy and practices, and they certainly don't
> analyze the tradeoffs. Most users (even most IT professionals) have no
> idea of the complex privacy issues associated with DNS.

I understand you have probably thought this through more than I have.
But, I have a couple of views here in addition to the above ...

  - Ultimately you're going to take the results of a DNS transaction and
    turn around and hit the given service with an application.  So,
    while I may have been some nebulous "someone at ICSI" during the
    name lookup, once I make the TCP connection I am not so anonymous
    anymore.

    That does not apply to all cases, of course.  I.e., I ask Verisign
    for google.com and then I TCP to Google and not Verisign.  So, in
    this case I could remain "someone at ICSI" to Verisign if I used the
    shared resolver.

  - I think a rational way to look at this is the way we look at privacy
    more generally.  If you communicate with someone then they'll know
    your IP.  If you don't want that, take some explicit step to prevent
    it (e.g., use Tor).  We get an obfuscation from shared resolvers
    now, but is that enough of a reason to keep them around?

allman



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141023/4e17c157/attachment.sig>


More information about the dns-operations mailing list