Understanding the Privacy Implications of ECS
The edns-client-subnet (ECS) is a new extension for the Domain Name System (DNS) that delivers a “faster Internet” with the help of client-specific DNS answers. Under ECS, recursive DNS servers (recursives) provide client network address information to upstream authorities, permitting topologically localized answers for content delivery networks (CDNs). This optimization, however, comes with a privacy penalty that has not yet been studied. Our analysis concludes that ECS makes DNS communications less private: the potential for mass surveillance is greater, and stealthy, highly targeted DNS poisoning attacks become possible.
Despite being an experimental extension, ECS is already deployed, and users are expected to “opt out” on their own. Yet, there are no available client-side tools to do so. We describe a configuration of an experimental recursive tool to reduce the privacy leak from ECS queries in order to immediately allow users to protect their privacy. We recommend the protocol change from “opt out” to “opt in”, given the experimental nature of the extension and its privacy implications.
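The following Python example is added here and is not part of the paper; it encodes and decodes the EDNS0 client-subnet option the abstract refers to, so that the privacy trade-off is visible on the wire: the SOURCE PREFIX-LENGTH chosen by the recursive decides how much of the client address reaches the authority, and a length of 0 is the protocol's own "do not use my address" signal. Option code 8 is the value later assigned in RFC 7871; the early drafts used the experimental code 0x50fa, and the client addresses below are constructed documentation addresses.

```python
import ipaddress
import struct

# Option code 8 is the IANA-assigned value (RFC 7871); the early
# draft-vandergaast versions carried the experimental code 0x50fa.
ECS_OPTION_CODE = 8
FAMILY_IPV4, FAMILY_IPV6 = 1, 2

def build_ecs_option(client_ip: str, source_prefix_len: int) -> bytes:
    """Encode one EDNS0 option: OPTION-CODE, OPTION-LENGTH, then the ECS body
    FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in a query) and the
    client ADDRESS truncated to the prefix. Only the recursive's chosen prefix
    leaves the network; bits past the prefix are zeroed before sending."""
    addr = ipaddress.ip_address(client_ip)
    family = FAMILY_IPV4 if addr.version == 4 else FAMILY_IPV6
    if not 0 <= source_prefix_len <= addr.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix_len}", strict=False)
    nbytes = (source_prefix_len + 7) // 8          # ceil(prefix / 8) bytes on the wire
    address = net.network_address.packed[:nbytes]  # masked, so trailing bits are zero
    body = struct.pack("!HBB", family, source_prefix_len, 0) + address
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def parse_ecs_option(data: bytes):
    """Decode an ECS option as an authority (or an observer) sees it and return
    (family, source_prefix_len, scope_prefix_len, exposed_network)."""
    code, length = struct.unpack("!HH", data[:4])
    if code != ECS_OPTION_CODE or length != len(data) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", data[4:8])
    nbytes = (source + 7) // 8
    addr_bytes = data[8:8 + nbytes]
    if len(addr_bytes) != nbytes:
        raise ValueError("address field shorter than the prefix length implies")
    total = 4 if family == FAMILY_IPV4 else 16
    full = addr_bytes + b"\x00" * (total - len(addr_bytes))
    return family, source, scope, str(ipaddress.ip_network((full, source)))

if __name__ == "__main__":
    # Constructed client address; shows what an authority learns at each setting.
    for prefix in (0, 16, 24, 32):
        opt = build_ecs_option("192.0.2.77", prefix)
        print(f"/{prefix:<2} -> {len(opt):2d} bytes, authority sees {parse_ecs_option(opt)[3]}")
```

A recursive that wants to honour the "opt out" the abstract mentions sends the option with SOURCE PREFIX-LENGTH 0, which carries no address bytes at all; anything larger hands the authority a network the client can be placed in.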
This material is based upon work supported in part by the US Department of Commerce under grant no. 2106DEK and Sandia National Laboratories grant no. 2106DMU. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US Department of Commerce nor Sandia National Laboratories.