NeTS: Small: Privacy and Performance over Third-party DNS
Northwestern University, Evanston IL
Investigators
Abstract
DNS (the Domain Name System) can be thought of as the phonebook of the Internet, responsible for translating human-readable domain names (such as www.example.com) to machine-readable IP addresses (something like 129.105.36.48). DNS plays a crucial role in determining the quality of our online experiences and is privy to our tastes, preferences, and even the devices we own. The last ten years have brought a number of DNS variants promising better performance, privacy, and reliability, including public DNS, DoH (DNS over HTTPS, where HTTPS is a secure way to send data between a web browser and a web server), and DoT (DNS over TLS, where TLS is an approach to securing network communication). The services implementing those variants rely on global infrastructures run by specialized companies, offering improved performance and reliability. Privacy enhancements, specifically in DoH and DoT, come from the use of encryption between a user's device (a laptop or smartphone) and the DNS service. These benefits, however, are limited in scope because (i) DNS providers can access the unencrypted requests of millions of users, (ii) using third-party DNS breaks the assumption made by some content distribution networks (CDNs) about the proximity between users and their DNS, resulting in worse web experiences, and (iii) the third-party DNS service market is dominated by a handful of providers, increasing, among other concerns, the potential impact of any single failure.
The objective of this research effort is to understand the impact of third-party DNS services and develop techniques that allow users to benefit from these services' enhanced privacy and performance without incurring the associated costs. As part of this effort, the researchers will investigate approaches to characterize and control user privacy exposure to third-party DNS services, as well as characterize and explore techniques to mitigate the performance impact of third-party DNS services around the world.
Leveraging the gained insights and proven techniques, the investigators will design and evaluate end-user deployable solutions that can allow users to leverage the benefits of third-party DNS services without their costs. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.