Anonymous Datagrams over DNS Records

摘要

Many privacy-enhancing architectures require an anonymous communication channel as a component to acquire tokens or other material from a centralized authority without revealing the requester's identity. While anonymous routing overlays like Tor can provide the required anonymity for TCPlike data streams, it increases dependence on third party infrastructure, and widespread use may overload the Tor network's current capacity. Therefore, we propose to use requests in the Domain Name System as an anonymization layer by forwarding packets over public DNS resolvers operating in recursive mode. In contrast to existing approaches, we focus on UDP datagram transport. As an example use case, we implemented a system for anonymous issuance of blind signatures. We evaluate our domaintailored solution against existing approaches like Tor and analyze its performance and privacy guarantees. Evaluation results show that the achievable data rate using the DNS-based anonymous channel is sufficient for many practical use cases, and that the provided anonymity is comparable to that provided by the Tor network.