Hi,

I just wanted to chime in that I've read the draft-bortzmeyer-dnsop-dns-privacy, good stuff. One of my concerns regarding the privacy is - even with the encryption and minimization, there's still a lot of information available about the query resolution, like for example who's asking who, sizes of the query/response and such. I mean, for example if I'm asking a TLD and then a hosting company, it's a pretty good chance I'm looking for a name under that TLD and registered with that company.

I wonder what are your thoughts about something like the onion routing in the DNS query resolution? Instead of asking the authoritative servers directly, you could give a small N of random bounces within a group of name servers, making the exit point (to some extent) random. This could work even for a partial solution of a query - for example when resolving multiple NS addresses at once. This presumes a relatively confident "last mile" between the query originator and the first bouncing resolver, and unfortunately brings additional costs (in terms of CPU and bandwidth) for processing bounced queries.

Best,
Marek Vavrusa (CZ.NIC)

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
