Domain Name System
==Privacy and tracking issues==
Originally designed as a public, hierarchical, distributed and heavily cached database, the DNS protocol has no confidentiality controls. User queries and nameserver responses are sent unencrypted, enabling [[Sniffing attack|network packet sniffing]], [[DNS hijacking]], [[DNS spoofing|DNS cache poisoning]] and [[man-in-the-middle attack]]s. This deficiency is commonly used by cybercriminals and network operators for marketing purposes, user authentication on [[captive portal]]s and [[Internet censorship|censorship]].<ref name="Huston-2019">{{Cite journal|last=Huston|first=Geoff|date=July 2019|title=DNS Privacy and the IETF|url=http://ipj.dreamhosters.com/wp-content/uploads/2019/07/ipj222.pdf |archive-url=https://web.archive.org/web/20190930154208/http://ipj.dreamhosters.com/wp-content/uploads/2019/07/ipj222.pdf |archive-date=2019-09-30 |url-status=live|journal=The Internet Protocol Journal}}</ref>

User privacy is further exposed by proposals for increasing the level of client IP information in DNS queries (RFC 7871) for the benefit of [[content delivery network]]s.

The main approaches that are in use to counter privacy issues with DNS include:
*[[VPN]]s, which move DNS resolution to the VPN operator and hide user traffic from the local ISP.
*[[Tor (network)|Tor]], which replaces traditional DNS resolution with anonymous [[.onion]] domains, hiding both name resolution and user traffic behind [[onion routing]] counter-surveillance.
*[[Proxy server|Proxies]] and public DNS servers, which move the actual DNS resolution to a trusted third-party provider.
**Some public DNS servers may support security extensions such as [[DNS over HTTPS]], [[DNS over TLS]] and [[DNSCrypt]].

Solutions preventing DNS inspection by the local network operator have been criticized for thwarting corporate network security policies and Internet censorship.
Public DNS servers are also criticized for contributing to the centralization of the Internet by placing control over DNS resolution in the hands of the few large companies which can afford to run public resolvers.<ref name="Huston-2019" />

{{Blockquote|text=Google is the dominant provider of the platform in [[Android (operating system)|Android]], the browser in Chrome, and the DNS resolver in the 8.8.8.8 service. Would this scenario be a case of a single corporate entity being in a position of overarching control of the entire namespace of the Internet? [[Netflix]] already fielded an app that used its own DNS resolution mechanism independent of the platform upon which the app was running. What if the [[Facebook]] app included DoH? What if [[Apple Inc.|Apple]]'s [[iOS]] used a DoH-resolution mechanism to bypass local DNS resolution and steer all DNS queries from Apple's platforms to a set of Apple-operated name resolvers?|sign=|source=DNS Privacy and the IETF}}
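
The exposure described at the start of this section can be made concrete with an added example (not part of the original article): it builds a classic unencrypted DNS query carrying an RFC 7871 client-subnet option, then reads the queried name and the client's subnet back out of the raw bytes, as any device on the path could. The function names <code>build_query</code> and <code>observe</code> and the sample name and subnet are constructed for illustration; the parser assumes an uncompressed question name and root-named additional records.

```python
import ipaddress
import struct

ECS_OPTION, OPT_RR = 8, 41  # EDNS Client Subnet option code (RFC 7871), OPT record type


def build_query(name, client_subnet):
    """Build a plaintext DNS A query carrying an EDNS Client Subnet option."""
    net = ipaddress.ip_network(client_subnet)
    family = 1 if net.version == 4 else 2
    prefix_bytes = net.network_address.packed[:(net.prefixlen + 7) // 8]
    ecs = struct.pack("!HBB", family, net.prefixlen, 0) + prefix_bytes
    rdata = struct.pack("!HH", ECS_OPTION, len(ecs)) + ecs
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR, 1232, 0, len(rdata)) + rdata
    return header + question + opt


def observe(packet):
    """Return (query name, client subnet) as a passive observer reads them off the wire."""
    arcount = struct.unpack_from("!H", packet, 10)[0]
    pos, labels = 12, []
    while packet[pos]:  # uncompressed labels, as in an ordinary query
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    pos += 5  # root label + QTYPE + QCLASS
    subnet = None
    for _ in range(arcount):  # assumption: additional records are root-named (OPT)
        rtype, _size, _ttl, rdlen = struct.unpack_from("!HHIH", packet, pos + 1)
        rdata, pos = packet[pos + 11:pos + 11 + rdlen], pos + 11 + rdlen
        off = 0
        while rtype == OPT_RR and off + 4 <= len(rdata):
            code, olen = struct.unpack_from("!HH", rdata, off)
            body, off = rdata[off + 4:off + 4 + olen], off + 4 + olen
            if code == ECS_OPTION:
                family, src_len, _scope = struct.unpack_from("!HBB", body)
                cls = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
                size = 4 if family == 1 else 16
                subnet = str(cls((body[4:].ljust(size, b"\x00"), src_len), strict=False))
    return ".".join(labels), subnet


# Constructed sample: documentation-only name and subnet (RFC 2606 / RFC 5737)
SAMPLE = build_query("www.example.com", "198.51.100.0/24")
```

Nothing in the message is encrypted or authenticated, so both values are recovered without any key material; the encrypted transports listed above hide these bytes from the local network but still reveal them to the chosen resolver.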