Privacy-Preserving DNS: Analysis of Broadcast, Range Queries and Mix-Based Protection Methods

  • Hannes Federrath
  • Karl-Peter Fuchs
  • Dominik Herrmann
  • Christopher Piosecny
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6879)


We propose a dedicated DNS Anonymity Service which protects users’ privacy. The design consists of two building blocks: a broadcast scheme for the distribution of a “top list” of DNS hostnames, and low-latency Mixes for requesting the remaining hostnames unobservably. We show that broadcasting the 10,000 most frequently queried hostnames allows zero-latency lookups for over 80% of DNS queries at reasonable cost. We demonstrate that the performance of the previously proposed Range Queries approach severely suffers from high lookup latencies in a real-world scenario.


Range Query Network Latency Domain Name System Reply Packet Private Information Retrieval 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Akcan, H., Suel, T., Brönnimann, H.: Geographic Web Usage Estimation By Monitoring DNS Caches. In: Proceedings of the First International Workshop on Location and the Web, LOCWEB 2008, vol. 300, pp. 85–92. ACM, New York (2008)CrossRefGoogle Scholar
  2. 2.
    Andrews, M.: Negative Caching of DNS Queries (DNS NCACHE). RFC 2308 (1998)Google Scholar
  3. 3.
    Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: DNS Security Introduction and Requirements. RFC 4033 (2005)Google Scholar
  4. 4.
    Armstrong, S., Freier, A., Marzullo, K.: Multicast Transport Protocol. RFC 1301 (1992)Google Scholar
  5. 5.
    Berthold, O., Federrath, H., Köpsell, S.: Web MIXes: A System for Anonymous and Unobservable Internet Access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Brandhorst, C., Pras, A.: DNS: A Statistical Analysis of Name Server Traffic at Local Network-to-Internet Connections. In: EUNICE 2005: Networks and Applications Towards a Ubiquitously Connected World, pp. 255–270 (2006)Google Scholar
  7. 7.
    Burkhart, M., Dimitropoulos, X.: Fast Privacy–Preserving Top–k Queries using Secret Sharing. In: Proceedings of 19th International Conference on Computer Communications and Networks (ICCCN), pp. 1–7. IEEE, Los Alamitos (2010)Google Scholar
  8. 8.
    Castillo-Perez, S., García-Alfaro, J.: Anonymous Resolution of DNS Queries. In: Chung, S. (ed.) OTM 2008, Part II. LNCS, vol. 5332, pp. 987–1000. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Castillo-Perez, S., García-Alfaro, J.: Evaluation of Two Privacy–Preserving Protocols for the DNS. In: Proceedings of the Sixth International Conference on Information Technology: New Generations, pp. 411–416. IEEE Computer Society Press, Washington, DC, USA (2009)Google Scholar
  10. 10.
    Castro, M., Liskov, B.: Practical byzantine fault tolerance. In: Proceedings of the Third Symposium on Operating Systems Design and Implementation, OSDI 1999, pp. 173–186. USENIX Association, Berkeley (1999)Google Scholar
  11. 11.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  12. 12.
    Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private Information Retrieval. In: Proceedings of the 36th Annual Symposium on Foundations of Computer Science, Milwaukee, Wisconsin, pp. 41–50. IEEE Computer Society, Los Alamitos (1995)Google Scholar
  13. 13.
    Danezis, G.: Mix-Networks with Restricted Routes. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 1–17. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The Second–Generation Onion Router. In: Proceedings of the 13th USENIX Security Symposium, pp. 303–320. USENIX, Berkeley (2004)Google Scholar
  15. 15.
    Dingledine, R., Serjantov, A., Syverson, P.F.: Blending Different Latency Traffic with Alpha-mixing. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 245–257. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Dingledine, R., Shmatikov, V., Syverson, P.: Synchronous batching: From cascades to free routes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 186–206. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Goldschlag, D., Reed, M., Syverson, P.: Onion routing. Communications of the ACM 42(2), 39–41 (1999)CrossRefGoogle Scholar
  18. 18.
    Handley, M., Greenhalgh, A.: The case for pushing DNS. In: ACM Workshop on Hot Topics in Networking (Hotnets) (2005)Google Scholar
  19. 19.
    Jung, J., Sit, E., Balakrishnan, H., Morris, R.: DNS Performance and the Effectiveness of Caching. IEEE/ACM Transactions on Networking (TON) 10(5), 589–603 (2002)CrossRefGoogle Scholar
  20. 20.
    Köpsell, S.: Low Latency Anonymous Communication – How Long Are Users Willing to Wait? In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 221–237. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Kumpošt, M., Matyáš, V.: User Profiling and Re-identification: Case of University-Wide Network Analysis. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds.) TrustBus 2009. LNCS, vol. 5695, pp. 1–10. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Lu, Y., Tsudik, G.: Towards Plugging Privacy Leaks in the Domain Name System. In: Proceedings of the Tenth International Conference on Peer–to–Peer Computing (P2P), pp. 1–10. IEEE, Los Alamitos (2010)Google Scholar
  23. 23.
    Pease, M., Shostak, R., Lamport, L.: Reaching Agreement in the Presence of Faults. J. ACM 27, 228–234 (1980)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDN-MIXes: Untraceable Communication with Very Small Bandwidth Overhead. In: Proc. GI/ITG-Conference Kommunikation in Verteilten Systemen (Communication in Distributed Systems), pp. 451–463 (1991)Google Scholar
  25. 25.
    Rajab, M.A., Monrose, F., Provos, N.: Peeking Through the Cloud: Client Density Estimation via DNS Cache Probing. ACM Trans. Internet Technol. 10, 9:1–9:21 (2010)Google Scholar
  26. 26.
    Vaidya, J., Clifton, C.: Privacy–Preserving Top–k Queries. In: Proceedings of the 21st International Conference on Data Engineering (ICDE), pp. 545–546. IEEE Computer Society, Los Alamitos (2005)CrossRefGoogle Scholar
  27. 27.
    Vaidya, J., Clifton, C.: Privacy–Preserving Kth Element Score over Vertically Partitioned Data. IEEE Trans. Knowl. Data Eng. 21(2), 253–258 (2009)CrossRefGoogle Scholar
  28. 28.
    Verisign Inc.: The Domain Name Industry Brief (February 2011),
  29. 29.
    Yang, Y.C.: Web user behavioral profiling for user identification. Decision Support Systems 49, 261–271 (2010)CrossRefGoogle Scholar
  30. 30.
    Zhao, F., Hori, Y., Sakurai, K.: Analysis of Privacy Disclosure in DNS Query. In: Proceedings of the 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE 2007), pp. 952–957. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar
  31. 31.
    Zhao, F., Hori, Y., Sakurai, K.: Two–Servers PIR Based DNS Query Scheme with Privacy–Preserving. In: Proceedings of the The 2007 International Conference on Intelligent Pervasive Computing, pp. 299–302. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Hannes Federrath
    • 1
  • Karl-Peter Fuchs
    • 1
  • Dominik Herrmann
    • 1
  • Christopher Piosecny
    • 2
  1. 1.Computer Science DepartmentUniversity of HamburgGermany
  2. 2.Dept. of Management Information SystemsUniversity of RegensburgGermany

Personalised recommendations