EPT: EDNS Privacy Tunnel for DNS

  • Lanlan Pan
  • Jie Chen
  • Anlei Hu
  • Xuebiao Yuchi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11611)


DNS privacy concerns are growing. Recursive resolvers such as ISP DNS and Google Public DNS serve a massive number of clients, and could easily fingerprint individual users and analyze the domains those users are interested in. To mitigate user privacy leaks at recursive resolvers, in this paper we propose an EDNS privacy tunnel (EPT) extension for DNS. EPT can hide the query domain name from recursive resolvers through public key encryption, avoid big data analysis on individual users, and defend against censorship and lying recursive resolvers.


DNS Privacy Censorship Hijack ECS EPT 



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Geely Automobile Research Institute, Hangzhou, China
  2. China Internet Network Information Center, Beijing, China
  3. Chinese Academy of Sciences, Beijing, China
