I think the answer to this question may be a simple "no, don't" but if it were not, it might be something that'd improve privacy for both stub<->recursive and recursive<->authoritative without changes to the DNS, but probably requiring some new protocol to run alongside. Anyway...

On 23/10/14 12:36, Hugo Maxwell Connery wrote:
> DNS information is clearly public information. But that
> does not mean that one needs to publish *who* is accessing
> that public data.

Another way in which one could conceivably do that is by issuing bogus requests (i.e. padding), which attempts to mask not who is asking but which answers are of interest.

That wouldn't have to be a case of sending queries for randomly generated names, but could be based on some form of gossip between a bunch of e.g. recursives or something. So the bogus request that one sends out might actually be for a domain that was a real request from another gossipy recursive a while ago.

I suspect that there's not much to be gained by doing that in the end, and it'd clearly have costs (though with gossiping one might limit those by getting a lot of cache hits), but I wonder if anyone has looked at this kind of thing in detail already? A v. quick search didn't turn up that much, though [1] seems to be proposing something along these lines.

Cheers,
S.

[1] Federrath, Hannes, et al. "Privacy-preserving DNS: analysis of broadcast, range queries and mix-based protection methods." Computer Security - ESORICS 2011. Springer Berlin Heidelberg, 2011. 665-683. http://202.154.59.182/mfile/files/Information%20System/Computer%20Security%20-%2016th%20ESORICS%202011/Chapter%2036%20Privacy-Preserving%20DNS%3B%20Analysis%20of%20Broadcast,%20Range%20Queries%20and%20Mix-Based%20Protection%20Methods.pdf
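To make the padding idea in the message above concrete, here is an added toy simulation (an illustration written for this page, not code from the thread or from Federrath et al.): a recursive pads each real query with decoys drawn from a gossip pool of names that peer recursives are assumed to have queried recently, an observer function shows what a passive on-path watcher can infer, and a cost function counts how many of the padded queries would actually leave the cache. The gossip pool, cache contents and names are all constructed sample data.

```python
import random

# Constructed sample data: names that peer recursives are assumed to have
# gossiped as recently queried (the gossip protocol itself is hypothetical).
GOSSIP_POOL = ["example.com", "example.net", "example.org", "ietf.org",
               "wikipedia.org", "mail.example.com", "ntp.example.net"]


def build_range_query(real_name, gossip_pool, k, seed=None):
    """Return a shuffled list of k names: the real query plus k-1 decoys
    drawn without replacement from names gossiped by peer recursives.
    A passive observer sees k equally plausible candidate names."""
    rng = random.Random(seed)
    candidates = [n for n in gossip_pool if n != real_name]
    if k - 1 > len(candidates):
        raise ValueError("gossip pool too small for the requested range size")
    batch = [real_name] + rng.sample(candidates, k - 1)
    rng.shuffle(batch)
    return batch


def observer_posterior(batch):
    """What an on-path observer learns from one padded batch: absent side
    information, every name in the batch is equally likely to be the real one."""
    return {name: 1.0 / len(batch) for name in batch}


def upstream_cost(batch, cache):
    """Queries that must go upstream after local cache lookup. Decoys that are
    already cached cost nothing, which is the cache-hit point raised above."""
    return sum(1 for name in batch if name not in cache)


if __name__ == "__main__":
    batch = build_range_query("ietf.org", GOSSIP_POOL, k=4, seed=1)
    print("emitted:", batch)
    print("observer's view:", observer_posterior(batch))
    print("upstream queries (warm cache):", upstream_cost(batch, set(GOSSIP_POOL)))
    print("upstream queries (cold cache):", upstream_cost(batch, set()))
```

The privacy gain is bounded by the range size k and by how plausible the decoys look relative to the real query; the simulation assumes the observer has no side information such as timing or repeat-query patterns.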
