DNS privacy concerns are rising. DNS queries are sent in plain text by default, so an attacker able to observe the traffic can perform mass surveillance of unencrypted DNS. Recursive resolvers see both the queried domain name and the client IP address, which allows individual users to be fingerprinted. To mitigate these privacy leaks in DNS, this paper proposes a public-key-based EDNS Privacy Tunnel (EPT) padding option for DNS. EPT uses public-key encryption to hide the query name from recursive resolvers, to reduce leakage of the client IP address to authoritative servers, and to defend against censorship and lying recursive resolvers.
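The mechanism the abstract sketches, as an added example that is not code from the paper: the client encrypts the real QNAME to the authoritative server's public key, carries the ciphertext in an EDNS0 option inside an OPT RR, and lets the recursive resolver see only a placeholder name; the authoritative server walks the OPT RDATA, pulls out the option and decrypts it. Everything concrete here is an assumption made for illustration, not the paper's design: the option code 65001 (RFC 6891 local/experimental range), the placeholder name `ept.example`, the payload layout, the choice of X25519 plus AES-256-GCM with SHA-256 standing in for a KDF, and the function names. How the server's public key is distributed, how the resolver routes a placeholder query to the right authoritative server, and the IP-address and anti-censorship properties claimed in the abstract are not shown on this page and are not modelled below.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Assumptions, not values from the paper: an option code from the RFC 6891 local
// range (65001-65534) and the placeholder QNAME the recursive resolver is shown.
const eptOptionCode uint16 = 65001
const placeholderName = "ept.example"

// aeadFor turns an X25519 shared secret into AES-256-GCM; SHA-256 stands in for HKDF (assumption).
func aeadFor(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// sealName (client side): encrypt the real QNAME to the authoritative server's public key.
// Payload layout (assumption): ephemeral X25519 pubkey (32 bytes) || GCM ciphertext+tag.
// The all-zero nonce is safe only because each ephemeral key encrypts exactly one message.
func sealName(serverPub *ecdh.PublicKey, qname string) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(eph, serverPub)
	if err != nil {
		return nil, err
	}
	return aead.Seal(eph.PublicKey().Bytes(), make([]byte, aead.NonceSize()), []byte(qname), nil), nil
}

// openName (authoritative side): recover the QNAME; a failed tag check is an error, never a bogus name.
func openName(serverPriv *ecdh.PrivateKey, payload []byte) (string, error) {
	if len(payload) < 32 {
		return "", errors.New("payload too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(payload[:32])
	if err != nil {
		return "", err
	}
	aead, err := aeadFor(serverPriv, ephPub)
	if err != nil {
		return "", err
	}
	plain, err := aead.Open(nil, make([]byte, aead.NonceSize()), payload[32:], nil)
	return string(plain), err // plain is nil, hence "", whenever err != nil
}

// buildOptRR builds an RFC 6891 OPT pseudo-RR carrying exactly one option. Fixed header:
// NAME root, TYPE OPT (41), CLASS = UDP payload size 1232, TTL = ext-RCODE/version/flags 0.
func buildOptRR(code uint16, data []byte) []byte {
	rr := []byte{0, 0, 41, 0x04, 0xd0, 0, 0, 0, 0}
	rr = binary.BigEndian.AppendUint16(rr, uint16(4+len(data))) // RDLENGTH
	rr = binary.BigEndian.AppendUint16(rr, code)                // OPTION-CODE
	rr = binary.BigEndian.AppendUint16(rr, uint16(len(data)))   // OPTION-LENGTH
	return append(rr, data...)
}

// findOption walks the OPT RDATA with bounds checks and returns one option's data.
func findOption(optRR []byte, code uint16) ([]byte, error) {
	if len(optRR) < 11 || optRR[0] != 0 || binary.BigEndian.Uint16(optRR[1:3]) != 41 {
		return nil, errors.New("not an OPT RR")
	}
	rdata := optRR[11:] // stand-alone RR, so RDATA runs to the end of the buffer
	for len(rdata) >= 4 {
		c, l := binary.BigEndian.Uint16(rdata[:2]), int(binary.BigEndian.Uint16(rdata[2:4]))
		if 4+l > len(rdata) {
			return nil, errors.New("option overruns RDATA")
		}
		if c == code {
			return rdata[4 : 4+l], nil
		}
		rdata = rdata[4+l:]
	}
	return nil, errors.New("option not present")
}

// RoundTrip models one query: client seals the real name into the OPT option, the
// resolver sees only placeholderName, the authoritative server recovers the real name.
func RoundTrip(serverPriv *ecdh.PrivateKey, realName string) (string, error) {
	payload, err := sealName(serverPriv.PublicKey(), realName)
	if err != nil {
		return "", err
	}
	data, err := findOption(buildOptRR(eptOptionCode, payload), eptOptionCode)
	if err != nil {
		return "", err
	}
	return openName(serverPriv, data)
}
```

The two checks worth noticing are the ones that protect the authoritative side: `findOption` refuses an option whose declared length overruns the RDATA instead of slicing past the buffer, and `openName` treats any AEAD failure (wrong key, flipped byte, truncated payload) as a hard error rather than returning partial plaintext. A recursive resolver forwarding this query sees the OPT RR and `placeholderName` but, without the server's private key, learns nothing about the real QNAME from the option bytes.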