In message <CACgotOQXxgzz3XvA7=g5xn-cvmumvsx31vqhywgvajpux7b...@mail.gmail.com>, Marek Vavruša writes:
> Hi, I just wanted to chime in that I've read the
> draft-bortzmeyer-dnsop-dns-privacy, good stuff.
> One of my concerns regarding the privacy is - even with the encryption
> and minimization, there's still a lot of information available about
> the query resolution, like for example who's asking who, sizes of the
> query/response and such. I mean, for example if I'm asking a TLD and
> then a hosting company, it's a pretty good chance I'm looking for a
> name under that TLD and registered with that company.
>
> I wonder what are your thoughts about something like the onion routing
> in the DNS query resolution? Instead of asking the authoritative
> servers directly, you could give a small N of random bounces within a
> group of name servers, making the exit point (to some extent) random.
> This could work even for a partial solution of a query - for example
> when resolving multiple NS addresses at once. This presumes a
> relatively confident "last mile" between the query originator and the
> first bouncing resolver, and unfortunately brings additional costs (in
> terms of CPU and bandwidth) for processing bounced queries.
>
> Best,
> Marek Vavrusa (CZ.NIC)

And the point of doing this when the next thing you do is open a TCP
connection to a server is? Or are you thinking that we should be using
tor for all connections all the time?

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: [email protected]
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
