DNS Encryption: Exposure or Opportunity? (2020)

By Mark Dokter & Bruce Van Nice, Akamai

Encrypting DNS traffic has been a focus of the IETF for several years, and in late 2018 two standards were formalized for use between clients (stub resolvers) and resolvers: DNS over TLS and DNS over HTTPS. Numerous implementations have appeared, and DNS encryption has become a visible topic in industry media.

It’s a testament to the original design that the way the DNS operates has remained largely unchanged in the more than 30 years since the protocol was first specified. Stub resolvers on clients (typically configured by the local network through a protocol like DHCP) send queries to a caching resolver, which in turn talks to the authoritative DNS servers that provide answers to queries.

DNS encryption changes the transport protocols and, due to some design choices, opens up the possibility of significant changes in the way client devices behave. This paper discusses these changes and their potential impact on service providers. It also offers guidance about how to address encrypted DNS deployments, summarized below:

  • Communicate about privacy and security practices so subscribers are aware of how their service is protected and privacy is preserved
  • Implement best practices for DNS resolution to ensure services are performant, resilient, and always available
  • Understand the new DNS encryption protocols and how they can be deployed, and participate in formulation of standards to ensure they can be scaled and operationalized
  • Consider additional services that protect subscribers and further enhance their privacy by preventing loss of personal data