Measuring the Feasibility of DNS Privacy and Security

Abstract

Nearly every service on the Internet relies on the Domain Name System (DNS), which translates human-readable names to IP addresses. Originally, the DNS was designed without security and privacy concerns in mind. This has left users’ DNS traffic subject to eavesdropping, tampering, and censorship. In response, encrypted DNS protocols and DNS Security Extensions (DNSSEC) have seen increased deployment.Although these developments stand to improve users’ security and privacy, two questions remain unanswered. First, it is unclear whether encrypted DNS protocols yield acceptable performance for popular applications, such as web browsers. Second, it is unclear whether users can reliably retrieve and validate DNS records that are supposedly protected by DNSSEC. Without answers to these questions, popular applications may choose to not utilize these technologies, compromising the security and privacy of their users. This thesis studies the feasibility of deploying DNS security and privacy technologies for everyday use through various Internet measurements. We first measure the performance of encrypted DNS protocols from data centers and home networks through query response times and page load times. We find that although encrypted DNS protocols generally result in longer query response times than traditional, unencrypted DNS, these protocols can perform comparably with well-chosen connection timeouts, connection reuse, and the usage of popular recursive resolvers. We also find that despite generally higher query response times, web pages can load faster with encrypted DNS protocols.We then collaborate with a major browser vendor to measure how often users can successfully retrieve and validate records with DNSSEC. To do so, we deploy a measurement add-on to a globally-distributed random sample of the browser’s release users. The add-on issues requests for various records types for a domain name that we control using the browser’s locally configured recursive resolver. We find that many users were unable to retrieve the correct DNSSEC records they needed to perform validation. Such failure prevents users from being able to reliably determine whether their DNS traffic is under attack or not.