March 25, 2020


DNS Privacy in Practice - Measuring Deployment of DoT, DoH, and TFO


Talk Title DNS Privacy in Practice - Measuring Deployment of DoT, DoH, and TFO
Speakers Casey Deccio (Brigham Young University)
Conference NANOG78
Conf Tag
Location San Francisco, CA
Date Feb 10 2020 - Feb 12 2020
URL Talk Page
Slides Talk Slides
Video Talk Video

An increased demand for privacy in Internet communications has resulted in privacy-centric enhancements to the Domain Name System (DNS), including the use of Transport Layer Security (TLS) and Hypertext Transfer Protocol Secure (HTTPS) for DNS queries. In this paper, we seek to answer questions about their deployment, including their prevalence and their characteristics. Our work includes an analysis of DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) availability at open resolvers and authoritative DNS servers. We find that DoT and DoH services exist on just a fraction of open resolvers, but among them are the major vendors of public DNS services. We also analyze the state of TCP Fast Open (TFO), which is considered key to reducing the latency associated with TCP-based DNS queries, required by DoT and DoH. The uptake of TFO is extremely low, both on the server side and the client side, and it must be improved to avoid performance degradation with continued adoption of DNS Privacy enhancements.

Casey Deccio:
