TL;DR
This paper introduces Oblivious DNS over HTTPS (ODoH), a practical protocol that enhances user privacy by preventing DNS resolvers from linking queries to client identities, while maintaining performance comparable to existing DNS security protocols.
Contribution
The paper presents the design, implementation, and deployment of ODoH, demonstrating its practicality and privacy benefits over traditional DNS over HTTPS and DNS over TLS.
Findings
ODoH achieves comparable performance to DoH and DoT.
ODoH effectively prevents resolvers from linking queries to client identities.
Deployment results show ODoH is practical for real-world use.
Abstract
The Domain Name System (DNS) is the foundation of a human-usable Internet, responding to client queries for hostnames with corresponding IP addresses and records. Traditional DNS is also unencrypted, and leaks user information to network operators. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting traffic and hiding content from onlookers. However, one of the criticisms of DoT and DoH is brought to bear by the small number of large-scale deployments (e.g., Comcast, Google, Cloudflare): DNS resolvers can associate query contents with client identities in the form of IP addresses. Oblivious DNS over HTTPS (ODoH) safeguards against this problem. In this paper we ask what it would take to make ODoH practical. We describe ODoH, a practical DNS protocol aimed at resolving this issue by both protecting the client's…