Measuring the Availability and Response Times of Public Encrypted DNS Resolvers
- URL: http://arxiv.org/abs/2208.04999v2
- Date: Thu, 30 Oct 2025 16:21:46 GMT
- Title: Measuring the Availability and Response Times of Public Encrypted DNS Resolvers
- Authors: Ranya Sharma, Nick Feamster
- Abstract summary: We measure DNS query response times from global vantage points in North America, Europe, and Asia. Our results show that many non-mainstream resolvers have higher response times than mainstream resolvers. In some cases, however, certain non-mainstream resolvers perform at least as well as mainstream resolvers.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Unencrypted DNS traffic between users and DNS resolvers can lead to privacy and security concerns. In response to these privacy risks, many browser vendors have deployed DNS-over-HTTPS (DoH) to encrypt queries between users and DNS resolvers. Today, many client-side deployments of DoH, particularly in browsers, select between only a few resolvers, despite the fact that many more encrypted DNS resolvers are deployed in practice. Unfortunately, if users only have a few choices of encrypted resolver, and only a few perform well from any particular vantage point, then the privacy problems that DoH was deployed to help address merely shift to a different set of third parties. It is thus important to assess the performance characteristics of more encrypted DNS resolvers, to determine how many options for encrypted DNS resolvers users tend to have in practice. In this paper, we explore the performance of a large group of encrypted DNS resolvers supporting DoH by measuring DNS query response times from global vantage points in North America, Europe, and Asia. Our results show that many non-mainstream resolvers have higher response times than mainstream resolvers, particularly for non-mainstream resolvers that are queried from more distant vantage points -- suggesting that most encrypted DNS resolvers are not replicated or anycast. In some cases, however, certain non-mainstream resolvers perform at least as well as mainstream resolvers, suggesting that users may be able to use a broader set of encrypted DNS resolvers than those that are available in current browser configurations.
Related papers
- LLUAD: Low-Latency User-Anonymized DNS (2025-09-29T01:43:23Z)
  The Domain Name System (DNS) is involved in practically all web activity. DNS exposes user web activity in detail. The privacy challenge is honest-but-curious DNS servers/resolvers providing the translation/lookup service.
- DNS in the Time of Curiosity: A Tale of Collaborative User Privacy Protection (2025-09-29T01:09:09Z)
  Public DNS resolvers offer low-latency resolution, high reliability, privacy-preserving policies, and support for encrypted DNS queries. Client-resolver traffic encryption, increasingly deployed to protect users from eavesdroppers, does not protect users against curious resolvers. We will discuss key ideas of the proposal, which aims to achieve a high level of privacy without sacrificing performance.
- ODoQ: Oblivious DNS-over-QUIC (2025-09-14T06:29:08Z)
  Domain Name System (DNS) has advanced enhancements aimed at safeguarding DNS data and users' identity from attackers. The recent privacy-focused advancements have enabled the IETF to standardize several protocols. These protocols tend to focus on either strengthening user privacy (like Oblivious DNS and Oblivious DNS-over-HTTPS) or reducing resolution latency. Our proposed protocol -- 'Oblivious DNS-over-QUIC' (ODoQ) -- leverages the benefits of the QUIC protocol and incorporates an intermediary proxy server to protect the client's identity.
- ChamaleoNet: Programmable Passive Probe for Enhanced Visibility on Erroneous Traffic (2025-08-17T20:54:41Z)
  ChamaleoNet transforms any production network into a transparent monitor to let administrators collect unsolicited and erroneous traffic directed to hosts. ChamaleoNet is programmed to ignore well-formed traffic and collect only erroneous packets. Simple analytics unveil internal and infected hosts, identify temporary failures, and enhance visibility on external radiation produced by attackers looking for vulnerable services.
- Collusion Resistant DNS With Private Information Retrieval (2025-07-28T13:17:25Z)
  We propose PDNS, a DNS extension leveraging single-server Private Information Retrieval to strengthen privacy guarantees. PDNS achieves acceptable performance (2x faster than DoH over Tor with similar privacy guarantees) and strong privacy guarantees today.
- Auditing Prompt Caching in Language Model APIs (2025-02-11T18:58:04Z)
  We investigate the privacy leakage caused by prompt caching in large language models (LLMs). We detect global cache sharing across users in seven API providers, including OpenAI. We find evidence that OpenAI's embedding model is a decoder-only Transformer, which was previously not publicly known.
- Optimizing Cross-Client Domain Coverage for Federated Instruction Tuning of Large Language Models (2024-09-30T09:34:31Z)
  Federated domain-specific instruction tuning (FedDIT) for large language models (LLMs) aims to enhance performance in specialized domains using distributed private and limited data. We empirically establish that cross-client domain coverage, rather than data heterogeneity, is the pivotal factor. We introduce FedDCA, an algorithm that explicitly maximizes this coverage through diversity-oriented client center selection and retrieval-based augmentation.
- TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain (2023-12-07T08:03:10Z)
  Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning. This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct forged DNS records. TI-DNS is easy to adopt as it only requires modifications to the resolver side of current DNS infrastructure.
- Open-Domain Question-Answering for COVID-19 and Other Emergent Domains (2021-10-13T18:06:14Z)
  We present an open-domain question-answering system for the emergent biomedical domain of COVID-19. Despite the small data size, we are able to successfully train the system to retrieve answers from a large-scale corpus of published COVID-19 scientific papers.
- Cross-Domain Generalization Through Memorization: A Study of Nearest Neighbors in Neural Duplicate Question Detection (2020-11-22T19:19:33Z)
  Duplicate question detection (DQD) is important to increase efficiency of community and automatic question answering systems. We leverage neural representations and study nearest neighbors for cross-domain generalization in DQD. We observe robust performance of this method in different cross-domain scenarios of StackExchange, Spring and Quora datasets.
- Boosting Deep Neural Networks with Geometrical Prior Knowledge: A Survey (2020-06-30T14:56:05Z)
  Deep Neural Networks (DNNs) achieve state-of-the-art results in many different problem settings. DNNs are often treated as black box systems, which complicates their evaluation and validation. One promising field, inspired by the success of convolutional neural networks (CNNs) in computer vision tasks, is to incorporate knowledge about symmetric geometrical transformations.
This list is automatically generated from the titles and abstracts of the papers in this site.