How can we better protect the privacy and confidentiality of DNS queries? While DNSSEC protects the integrity of answers coming back from DNS (i.e. ensuring they aren’t modified in transit), what can be done to protect the confidentiality and privacy of information retrieved from DNS, particularly against the kind of pervasive monitoring and large-scale network sniffing we’ve become aware of?
We mentioned previously that at IETF 89 this month in London there was the “Encryption of DNS requests for confidentiality” (DNSE) BOF looking at these topics. There was vigorous discussion during that BOF and then at the DNSOP working group meeting. That large amount of interest has now sparked the creation of a new mailing list for all those interested in participating. This “dns-privacy” list is public and open to anyone to subscribe:
As you can see from the mailing list archive, there is already some discussion underway. If you want some background, the Internet drafts draft-bortzmeyer-dnsop-dns-privacy and draft-koch-perpass-dns-confidentiality may be useful.
While this doesn’t specifically relate to the DNSSEC topic we cover here on Deploy360, it is part of the same overall space of “making DNS more secure” and so I thought it would be useful to point people to this new list.
Working together as an industry and community, we can make DNS more secure! Please do join in and help out.