Author: Simon Hobson
Date:
To: dng
Subject: Re: [DNG] Opennic
Gabe Stanton via Dng <dng@???> wrote:
> You're right that I didn't address the fact that queries to root
> servers don't all go to one server. My understanding of that wasn't
> firm when I was writing so I said 'upstream server'. But that would be
> a small hurdle to overcome if everyone started protecting their dns
> queries by running a caching resolver, because of the financial
> incentive for doing so. The collusion it would take to exploit all
> exploitable data would be minimal.
I beg to differ. It would need a great deal of collusion (at least for the root servers), involving a variety of entities from around the world - and it only takes one of them to blow the whistle. If anyone tried it, it would kick up quite a storm. At the very least, it is not something that could be done without anyone realising.
> Those are great arguments for running a caching resolver, and of
> course that's a good thing, but there are a couple cases I outlined
> that potentially offer better privacy.
> 1. Running your own recursive server where your dns requests are pooled
> with others.
> 2. Pointing at a single resolver that doesn't keep logs and where your
> dns requests are pooled. Of course you never know what logs are being
> kept for sure, but if operators are honest and don't keep logs, and if
> they run doh, dot, or dnscrypt, then you have potentially better
> privacy because of no logs and pooled requests.
It occurred to me (after writing my previous message) that one option open to you is to get together with a few friends and share a resolver that's under your own control. You could turn off query logging and then know that there's no logs for anyone to look at. The difficult bit is getting enough people together who all trust each other such that you can pool enough queries as to make any data collected by others into useless noise.
But also as mentioned earlier, none of this deals with the eavesdropper problem. Your ISP can look at all your DNS queries just by filtering out all port 53 traffic and copying it to their logging servers. I suspect in some jurisdictions that's done because "the authorities say so", and I'm sure that some will be doing it because the law doesn't stop them and it's something they can monetise. As Rick Moen says, the only defence against that is to deal with an ISP that isn't run by sleazeballs.
And that problem was behind the development of DoH - which simply replaces one problem of trust with a different problem of trust!
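To make the eavesdropper point above concrete, here is a small added example (not from the thread or any of its participants) that models the "copy everything on port 53" tap. It builds a plain wire-format DNS query with hand-constructed bytes, then shows that an observer who only sees port-53 datagrams can read the queried name straight out of the payload, while a datagram to the DoT port (853) carries nothing the tap can decode. The packet list, the RFC 5737 example addresses and the opaque stand-in bytes for a TLS record are all constructed for this illustration.

```python
"""Added example: what a passive port-53 tap records from plain DNS, and what it
cannot record when the same query travels over an encrypted transport.
All packets below are constructed for this example, not captured traffic."""
import struct

def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 query for the A record of qname (constructed input).
    Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question

def parse_query(payload: bytes) -> dict:
    """Decode the question section of a DNS query, exactly as anyone seeing the
    unencrypted UDP payload could. Raises ValueError on anything unexpected."""
    txid, flags, qdcount = struct.unpack(">HHH", payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos = 12  # skip the fixed 12-byte header
    labels = []
    while True:
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:
            raise ValueError("compression pointer not expected in a question name")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack(">HH", payload[pos:pos + 4])
    return {
        "txid": txid,
        "qname": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
        "recursion_desired": bool(flags & 0x0100),
    }

def tap_port53(packets):
    """Model the ISP tap from the thread: copy every datagram addressed to port 53
    and record (source, queried name). Datagrams to other ports (DoT on 853,
    DoH inside HTTPS on 443) are skipped: the tap never sees a name there,
    although the resolver operator at the far end still does."""
    seen = []
    for src, dst_port, payload in packets:
        if dst_port != 53:
            continue
        try:
            query = parse_query(payload)
        except (ValueError, IndexError, UnicodeDecodeError, struct.error):
            continue  # not a parseable query; a real tap would just store the bytes
        seen.append((src, query["qname"]))
    return seen

# Constructed sample traffic: two plain queries and one DoT datagram whose
# payload is an opaque stand-in for a TLS record (not real TLS bytes).
SAMPLE_PACKETS = [
    ("192.0.2.10", 53, build_query("www.example.com")),
    ("192.0.2.10", 53, build_query("mail.example.net")),
    ("192.0.2.11", 853, b"\x16\x03\x03\x00\x2a" + b"\x00" * 42),
]

if __name__ == "__main__":
    for src, name in tap_port53(SAMPLE_PACKETS):
        print(f"{src} asked for {name}")
```

Running it lists the two plaintext names with the source address that asked for them and nothing for the DoT datagram, which is the whole of what moving to DoT/DoH buys: the on-path observer loses the names, and the resolver operator gains them instead, which is the trust trade-off the message closes on.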