Colloquium: Revisiting the Adoption of Query Name Minimization for Improved DNS Security and Privacy

Speaker: 

Jonathan Magnusson (PhD Student in Computer Science at Karlstad University)

Abstract:

The Domain Name System (DNS) is a critical Internet infrastructure that translates human-readable domain names to IP addresses. Designed more than 35 years ago, it has undergone several improvements, specifically focused on enhancing the security and privacy of DNS lookups. Query name minimization (qmin) was initially introduced in 2016 to limit the exposure of queries sent across DNS and thereby enhance privacy. In this paper, we look at the adoption of qmin (RFC 9156), building upon and extending measurements made by De Vries et al. in 2018. Results from active and passive measurements, using extended methods from previous work, show that the adoption of qmin has significantly increased since 2018. New controlled experiments also show a trend of a higher number of packets used by resolvers and lower error rates in the DNS queries. Since qmin is a balance between performance and privacy, we further discuss the depth limit of minimizing labels and propose using a public suffix list to set this limit.