> Decentralising caches could actually be worse for dns privacy, as your query no longer stops in the big ISP pool to gain some anonymity, but instead links straight to you with specific TTLs on your personal cache expiry/re-fetch timers.

I have heard this "pooling" argument quite a few times. The idea is that if I send my requests through a big enough recursive resolver, I gain anonymity because the reply may be cached, or the request may come from the pool instead of coming from me. The problem with the argument is that it expects privacy to result as a side effect from something else, in that case caching. But this is a weak argument. For example, if the target resource is rarely accessed, the output to fetch "kinky.example.org" can be easily correlated with the arrival of an encrypted request to the resolver, and thus to the original IP address. This is even more true if the target DNS name is set with a short TTL.

Compare that to onion routers like Tor that are specifically engineered for privacy, and which do not rely on side effects. If I wanted to hide my footprints, I would have much more trust in something engineered for privacy than in a hypothetical side effect.

So, if we really care about hiding requests, then maybe we should consider an onion network of DNS resolvers, of course connected by encrypted links. Or maybe use DNS over HTTPS over Tor.

-- Christian Huitema

_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
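
The correlation argument in the message above, as an added example that is not part of the original post: a Python replay of a caching resolver over constructed traffic, measuring how many client queries cause a visible upstream fetch and how many clients could have caused each one. The client addresses, the TTLs, the popular name and the time window are all assumptions.

```python
from collections import defaultdict

def observe(events, ttl, window):
    """Replay client queries through a caching resolver. For each upstream
    (cache-miss) fetch, return the set of client IPs whose encrypted query
    reached the resolver within `window` seconds before the fetch.
    events: (time_s, client_ip, qname) tuples, sorted by time."""
    expires = {}                      # qname -> cache expiry time
    fetches = []                      # (time, qname, candidate clients)
    for i, (t, client, qname) in enumerate(events):
        if expires.get(qname, -1) > t:
            continue                  # cache hit: nothing leaves the resolver
        expires[qname] = t + ttl[qname]
        candidates = {c for (u, c, _) in events[:i + 1] if t - window <= u <= t}
        fetches.append((t, qname, candidates))
    return fetches

def exposure(events, ttl, window):
    """Per name: (client queries, upstream fetches, smallest candidate set)."""
    asked = defaultdict(int)
    for _, _, qname in events:
        asked[qname] += 1
    sizes = defaultdict(list)
    for _, qname, candidates in observe(events, ttl, window):
        sizes[qname].append(len(candidates))
    return {q: (asked[q], len(sizes[q]), min(sizes[q])) for q in asked}

def sample_events():
    """Constructed traffic: 20 clients ask a popular name every 0.5 s,
    and one client asks a rarely used, short-TTL name twice."""
    ev = [(0.5 * k, f"10.0.0.{k % 20 + 1}", "www.example.com") for k in range(40)]
    ev += [(7.25, "10.0.0.99", "kinky.example.org"),
           (17.25, "10.0.0.99", "kinky.example.org")]
    return sorted(ev)

TTL = {"www.example.com": 300, "kinky.example.org": 5}  # assumed TTLs (seconds)

if __name__ == "__main__":
    for window in (0.2, 1.0):
        for name, (asked, fetched, smallest) in exposure(sample_events(), TTL, window).items():
            print(f"window={window}s {name}: {asked} queries, "
                  f"{fetched} upstream fetches, smallest candidate set {smallest}")
```

With this data the popular name is fetched upstream once for 40 client queries, while every query for the rare name produces its own fetch, and with a 0.2 s window the only candidate is the client that asked.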
