[dns-operations] ODNS: Oblivious DNS

Paul Hoffman phoffman at proper.com
Wed Apr 18 14:09:52 UTC 2018 

On 18 Apr 2018, at 5:38, Yonghua Peng wrote:

> https://odns.cs.princeton.edu/
>
> It is well known that DNS leaks information that an Internet user may 
> want to keep private, such as the websites she is visiting, user 
> identifiers, MAC addresses, and the subnet in which she is located. 
> This information can be visible to a 3rd party eavesdropping on the 
> communication between a client and a recursive resolver, or even 
> between a recursive resolver and an authoritative server. As this 
> information is sent to each DNS server, DNS operators can also see 
> clients’ information.
>
> While there has been some previous work on increasing privacy in DNS 
> infrastructure, such as DNS Query Name Minimization and DNS-Over-TLS, 
> these approaches do not fully solve the problem. Both of these are 
> steps in the right direction, but neither prevent DNS operators from 
> learning information which domains specific users are interested in. 
> Our work is concerned with a powerful adversary that has the 
> capabilities to: 1) eavesdrop on communications between clients and 
> recursive resolvers, and between recursive resolvers and authoritative 
> name servers, 2) request data (via subpoena/warrant) from any number 
> of DNS operators, 3) maliciously access data at any DNS server.
>
> To address this type of attacker, we present Oblivious DNS (ODNS), 
> which is a new design of the DNS ecosystem that allows current DNS 
> servers to remain unchanged and increases privacy for data in motion 
> and at rest. In the ODNS system, both the client is modified with a 
> local resolver, and there is a new authoritative name server for 
> .odns. To prevent an eavesdropper from learning information, the DNS 
> query must be encrypted; the client generates a request for 
> www.foo.com, generates a session key k, encrypts the requested domain, 
> and appends the TLD domain .odns, resulting in {www.foo.com}k.odns. 
> The client forwards this, with the session key encrypted under the 
> .odns authoritative server’s public key ({k}PK) in the “Additional 
> Information” record of the DNS query to the recursive resolver, 
> which then forwards it to the authoritative name server for .odns. The 
> authoritative server decrypts the session key with his private key, 
> and then subsequently decrypts the requested domain with the session 
> key. The authoritative server then forwards the DNS request to the 
> appropriate name server, acting as a recursive resolver. While the 
> name servers see incoming DNS requests, they do not know which clients 
> they are coming from; additionally, an eavesdropper cannot connect a 
> client with her corresponding DNS queries.

If the adversary can "eavesdrop on communications between clients and 
recursive resolvers" and can "request data (via subpoena/warrant) from 
any number of DNS operator", it would seem that the adversary would be 
able to see the {www.foo.com}k.odns request from the client, force 
whoever is running the ODNS server to divulge the query and the 
response, and then correlate them.

--Paul Hoffman

More information about the dns-operations mailing list