51
IETF DNS Privacy 1 ICANN-TechDay / Dublin, .IE - 10/2015 - Ver:01 Warren Kumari A short introduction and update on DPRIVE
![Page 1: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/1.jpg)
IETF DNS Privacy
1 ICANN-TechDay / Dublin, .IE - 10/2015 - Ver:01
Warren Kumari
A short introduction and update on DPRIVE
![Page 2: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/2.jpg)
What’s the problem?
2
![Page 3: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/3.jpg)
What’s the problem?
2
I hate doing expense reports…
![Page 4: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/4.jpg)
What’s the problem?
2
I hate doing expense reports…so I procrastinate…
![Page 5: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/5.jpg)
What’s the problem?
2
I hate doing expense reports…so I procrastinate…… and tidy up my desk
![Page 6: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/6.jpg)
What’s the problem?
2
I hate doing expense reports…so I procrastinate…… and tidy up my desk… and clean all the crumbs out of my keyboard
![Page 7: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/7.jpg)
What’s the problem?
2
I hate doing expense reports…so I procrastinate…… and tidy up my desk… and clean all the crumbs out of my keyboard… and do the laundry
![Page 8: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/8.jpg)
What’s the problem?
2
I hate doing expense reports…so I procrastinate…… and tidy up my desk… and clean all the crumbs out of my keyboard… and do the laundry… and then start reading Wikipedia….
![Page 9: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/9.jpg)
What’s the problem? (cont)
3 Attribution: xkcd is licensed by Randall Munroe under a Creative Commons Attribution-NonCommercial 2.5 License - XKCD from http://imgs.xkcd.com/comics/the_problem_with_wikipedia.png
![Page 10: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/10.jpg)
What’s the problem? (cont)
3
“99 Luftballons”
Attribution: xkcd is licensed by Randall Munroe under a Creative Commons Attribution-NonCommercial 2.5 License - XKCD from http://imgs.xkcd.com/comics/the_problem_with_wikipedia.png
![Page 11: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/11.jpg)
What’s the problem? (cont)
3
“99 Luftballons”→ “99 Red Balloons”
Attribution: xkcd is licensed by Randall Munroe under a Creative Commons Attribution-NonCommercial 2.5 License - XKCD from http://imgs.xkcd.com/comics/the_problem_with_wikipedia.png
![Page 12: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/12.jpg)
What’s the problem? (cont)
3
“99 Luftballons”→ “99 Red Balloons” → Nuclear accidents
Attribution: xkcd is licensed by Randall Munroe under a Creative Commons Attribution-NonCommercial 2.5 License - XKCD from http://imgs.xkcd.com/comics/the_problem_with_wikipedia.png
![Page 13: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/13.jpg)
What’s the problem? (cont)
3
“99 Luftballons”→ “99 Red Balloons” → Nuclear accidents→ [ Three hours of fascinated clicking ]
Attribution: xkcd is licensed by Randall Munroe under a Creative Commons Attribution-NonCommercial 2.5 License - XKCD from http://imgs.xkcd.com/comics/the_problem_with_wikipedia.png
![Page 14: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/14.jpg)
What’s the problem? (cont)
3
“99 Luftballons”→ “99 Red Balloons” → Nuclear accidents→ [ Three hours of fascinated clicking ] → websites on theefficiency of centrifugal enrichment of uranium-235
Attribution: xkcd is licensed by Randall Munroe under a Creative Commons Attribution-NonCommercial 2.5 License - XKCD from http://imgs.xkcd.com/comics/the_problem_with_wikipedia.png
![Page 15: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/15.jpg)
So what?
4
![Page 16: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/16.jpg)
So what?
4
All of the URLs I went to were https:// , so the content is protected, no-one is likely to get the wrong idea…
![Page 17: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/17.jpg)
So what?
4
All of the URLs I went to were https:// , so the content is protected, no-one is likely to get the wrong idea…
…but many of the domain names that my machine looked up were, um, suspicious, especially if taken out of context.
![Page 18: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/18.jpg)
So what?
4
All of the URLs I went to were https:// , so the content is protected, no-one is likely to get the wrong idea…
…but many of the domain names that my machine looked up were, um, suspicious, especially if taken out of context.
... and it has become clear that governments and pervasive monitors are using actively exploiting metadata for targeting.
![Page 19: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/19.jpg)
So what?
4
All of the URLs I went to were https:// , so the content is protected, no-one is likely to get the wrong idea…
…but many of the domain names that my machine looked up were, um, suspicious, especially if taken out of context.
... and it has become clear that governments and pervasive monitors are using actively exploiting metadata for targeting.
Am I really concerned about this particular case? Nah, I’m not that paranoid, but it makes a good example :-)
![Page 20: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/20.jpg)
RFC 7258 - Pervasive Monitoring Is an Attack
5
The IETF community's technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible.
![Page 21: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/21.jpg)
QNAME Minimization
6
draft-ietf-dnsop-qname-minimisation*
[*]:Submitted to IESG for Publication
![Page 22: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/22.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
DNS
![Page 23: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/23.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
www.example.com?
DNS
![Page 24: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/24.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
www.example.com?
where is
.com?
DNS
![Page 25: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/25.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
www.example.com?
where is
.com?
.com is
at 1.2.3.4
DNS
![Page 26: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/26.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
www.example.com?
where is
.com?
.com is
at 1.2.3.4
where is .example.com?
DNS
![Page 27: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/27.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
www.example.com?
where is
.com?
.com is
at 1.2.3.4
where is .example.com?
example.com is at 2.3.4.5
DNS
![Page 28: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/28.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com?
where is
.com?
.com is
at 1.2.3.4
where is .example.com?
example.com is at 2.3.4.5
DNS
![Page 29: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/29.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
www.example.com?
where is
.com?
.com is
at 1.2.3.4
where is .example.com?
example.com is at 2.3.4.5
DNS
![Page 30: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/30.jpg)
How DNS works
7
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
.com?
.com is
at 1.2.3.4
where is .example.com?
example.com is at 2.3.4.5
DNS
![Page 31: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/31.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
DNS
![Page 32: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/32.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
www.example.com?
DNS
![Page 33: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/33.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
www.example.com?
where is
www.exam
ple.com?
DNS
![Page 34: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/34.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
DNS
![Page 35: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/35.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
DNS
![Page 36: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/36.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 37: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/37.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 38: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/38.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 39: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/39.jpg)
How DNS actually works
8
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 40: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/40.jpg)
QNAME attack surface
9
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 41: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/41.jpg)
QNAME attack surface
9
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 42: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/42.jpg)
QNAME attack surface
9
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 43: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/43.jpg)
QNAME attack surface
9
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 44: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/44.jpg)
QNAME attack surface
9
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
www.exam
ple.com?
.com is
at 1.2.3.4
where is www.example.com?
example.com is at 2.3.4.5
DNS
![Page 45: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/45.jpg)
QNAME Minimization
• Really short summary is that it makes the behavior be how people describe it…
• Only include .com when querying the root, only include example.com when querying .com, etc.
• Basically send the very minimum info needed to resolve the name.
10
![Page 46: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/46.jpg)
DPRIVE
11
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
.com?
.com is
at 1.2.3.4
where is .example.com?
example.com is at 2.3.4.5
DNS
![Page 47: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/47.jpg)
DPRIVE
11
Root
.com
example.com
http://www.example.com
where is www.example.com?
www.example.com is at 3.4.5.6
3.4.5.6
www.example.com?
where is
.com?
.com is
at 1.2.3.4
where is .example.com?
example.com is at 2.3.4.5
DNS
![Page 48: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/48.jpg)
DPRIVE WG
• This takes DNS privacy even further
• Encrypts the DNS messages themselves
• Addresses much more active attacks
• Complements QNAME minimization
12
![Page 49: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/49.jpg)
No Privacy15:48:29 IP 204.42.252.2.26838 > 199.19.53.1.53: A? www.aa.org. ar: . OPT UDPsize=4096 OK 0x0000:45000043a40a00004011125ecc2afc02 E..C….@..^.*..0x0010:c713350168d60035002fc48293110000 ..5.h.5./......0x0020:00010000000000010377777702616103 .........www.aa. 0x0030:6f726700000100010000291000000080 org.......)..... 0x0040:0000 ...
15:48:29 IP 199.19.53.1.53 > 204.42.252.2.26838:q: A? www.aa.org. 0/6/1 ns: aa.org. NS ns2.rackspace.com., aa.org. NS ns.rackspace.com. 0x0000:45000260414a000038117b01c7133501 E..`AJ..8.{...5.0x0010:cc2afc02003568d6024c230093118000 .*…5h..L#…..0x0020:00010000000600010377777702616103 .........www.aa.0x0030:6f72670000010001c010000200010001 org.............
13
![Page 50: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/50.jpg)
With DPRIVE
15:59:51 IP 204.42.252.2.42607 > 185.49.141.38.1021 0x0000:4500015bc9b0400040066167cc2afc02 E..[..@[email protected].*..0x0010:b9318d26a66f03fdda34fe90e31ee965 .1.&.o…4.....e0x0020:801800e50fd300000101080a783c373e ............x<7>0x0030:d637f74516030101220100011e0303d6 .7.E...."......0x0040:62f0d139ed30428d51e9802bfc89376e b..9.0B.Q..+..7n0x0050:09ddacbe0a20d6a5af716a70f9d6ea00 .........qjp....0x0060:0088c030c02cc028c024c014c00a00a3 ...0.,.(.$......0x0070:009f006b006a0039003800880087c032 ...k.j.9.8.....20x0080:c02ec02ac026c00fc005009d003d0035 ...*.&.......=50x0090:0084c012c00800160013c00dc003000a ................0x00a0:c02fc02bc027c023c013c00900a2009e ./.+.'.#........
14
![Page 51: IETF DNS Privacy - Home | ICANN Public Meetings · “99 Luftballons”→ “99 Red Balloons” → Nuclear accidents → [ Three hours of fascinated clicking ] → websites on the](https://reader034.documents.pub/reader034/viewer/2022050602/5fa964d8a63d8e4f6e5b7c29/html5/thumbnails/51.jpg)
... and now...
15
![PORTUGAL - WordPress.com › 2015 › 09 › portugal-our-struggle.pdfforthepasteight]-lenmonthsportugali-ias fascinated and absorbedtheworldbecausethere. fortheflrsttimeinany nato.countrysincen.a.t.o.wascreated.arevolution](https://static.documents.pub/doc/80x56/60c265bc0daa4c550a149ae9/portugal-a-2015-a-09-a-portugal-our-strugglepdf-forthepasteight-lenmonthsportugali-ias.jpg)