* Hugo Maxwell Connery:

> The data submitted removes information about the system making
> the query (the client) and passes that information in aggregate to
> preserve the privacy of the clients,

The original implementation did this (and it happened at the point where the DNS packets were captured, so it was not easily bypassed by the database operator). To what degree subsequent implementations attempt to preserve client privacy, I don't know. Some organizations have significant interest in reviewing DNS requests from a specific client after some event, or trigger action targeting clients making DNS requests with certain properties.

> Providing confidential query transactions to any part of the DNS system
> would NOT prevent resolvers from recording the transactions or
> aggregating / anonymising them to deliver passive DNS information.
> (i.e the resolver must have the client and query details in the clear or
> it can't do its work).

Right now, I don't think any caching resolvers support IPFIX-style export of cache updates. It is reasonable to expect that if gathering DNS request data is no longer possible using network taps, resolver code will be enhanced with such data export facilities.

> However, to meet the targets of confidentiality it may require a
> re-architecture of the mechanism by which those transaction details
> are delivered to the trusted repository, and possibly other
> mechanisms within the pDNS ecosystem.

This assumes that those who operate any kind of passive DNS infrastructure share a general goal of increasing DNS privacy. I don't think this is true; at least some operate under the assumption that DNS data is a public resource. This assumption is not shared by everyone, both for privacy reasons and commercial reasons (some organizations consider their DNS data private property).
