Abstract by Kimball Leavitt
Where do my DNS queries go?
The domain name system (DNS) is an integral part of the Internet. Virtually all Internet communication begins with a DNS query, where a client computer asks a DNS resolver for the Internet Protocol (IP) address of another computer. The information included in DNS queries - what domains (websites) people are visiting - is valuable. People want it. It can be sold and used for marketing and advertising, analyzed to detect malware, used for censoring websites, exploited by hackers, and so on.
DNS queries are primarily sent unencrypted over UDP. They can easily be viewed (and modified) by eavesdroppers. To plug this privacy hole, the Internet standards community has standardized DNS over TLS (DoT) and DNS over HTTPS (DoH). While both DoT and DoH provide the same levels of encryption, DoH has emerged as the more popular of the two.
The reasons for DoH’s popularity are manifold. In this presentation, we will examine the motivations for companies to provide services like DoH. We will also comment on where people are sending their DNS queries. Finally, we will conclude that the DNS (and the Internet as a whole) will likely never be truly “private”.