ODoQ: Oblivious DNS-over-QUIC
- URL: http://arxiv.org/abs/2509.11123v1
- Date: Sun, 14 Sep 2025 06:29:08 GMT
- Title: ODoQ: Oblivious DNS-over-QUIC
- Authors: Aditya Kulkarni, Tamal Das, Vivek Balachandran
- Abstract summary: Domain Name System (DNS) has advanced enhancements aimed at safeguarding DNS data and users' identity from attackers. The recent privacy-focused advancements have enabled the IETF to standardize several protocols. These protocols tend to focus on either strengthening user privacy (like Oblivious DNS and Oblivious DNS-over-HTTPS) or reducing resolution latency. Our proposed protocol -- 'Oblivious DNS-over-QUIC' (ODoQ) -- leverages the benefits of the QUIC protocol and incorporates an intermediary proxy server to protect the client's identity.
- Score: 0.03499870393443268
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: The Domain Name System (DNS), which converts domain names to their respective IP addresses, has advanced enhancements aimed at safeguarding DNS data and users' identity from attackers. The recent privacy-focused advancements have enabled the IETF to standardize several protocols. Nevertheless, these protocols tend to focus on either strengthening user privacy (like Oblivious DNS and Oblivious DNS-over-HTTPS) or reducing resolution latency (as demonstrated by DNS-over-QUIC). Achieving both within a single protocol remains a key challenge, which we address in this paper. Our proposed protocol -- 'Oblivious DNS-over-QUIC' (ODoQ) -- leverages the benefits of the QUIC protocol and incorporates an intermediary proxy server to protect the client's identity from exposure to the recursive resolver.
Related papers
- DNS in the Time of Curiosity: A Tale of Collaborative User Privacy Protection [0.764671395172401]
Public DNS resolvers offer low-latency resolution, high reliability, privacy-preserving policies, and support for encrypted DNS queries. Client-resolver traffic encryption, increasingly deployed to protect users from eavesdroppers, does not protect users against curious resolvers. We will discuss key ideas of the proposal, which aims to achieve a high level of privacy without sacrificing performance.
arXiv Detail & Related papers (2025-09-29T01:09:09Z)
- ChamaleoNet: Programmable Passive Probe for Enhanced Visibility on Erroneous Traffic [48.87214752144106]
ChamaleoNet transforms any production network into a transparent monitor to let administrators collect unsolicited and erroneous traffic directed to hosts. ChamaleoNet is programmed to ignore well-formed traffic and collect only erroneous packets. Simple analytics unveil internal and infected hosts, identify temporary failures, and enhance visibility on external radiation produced by attackers looking for vulnerable services.
arXiv Detail & Related papers (2025-08-17T20:54:41Z)
- Collusion Resistant DNS With Private Information Retrieval [42.34183823376613]
We propose PDNS, a DNS extension leveraging single-server Private Information Retrieval to strengthen privacy guarantees. PDNS achieves acceptable performance (2x faster than DoH over Tor with similar privacy guarantees) and strong privacy guarantees today.
arXiv Detail & Related papers (2025-07-28T13:17:25Z)
- Analysis of Robust and Secure DNS Protocols for IoT Devices [8.574167373120648]
We investigate different DNS security approaches using an edge DNS resolver implemented as a Virtual Network Function (VNF). We present our results for cache-based and non-cached responses and evaluate the corresponding security benefits.
arXiv Detail & Related papers (2025-02-13T19:16:39Z)
- MTDNS: Moving Target Defense for Resilient DNS Infrastructure [2.8721132391618256]
DNS (Domain Name System) is one of the most critical components of the Internet.
Researchers have been constantly developing methods to detect and defend against the attacks against DNS.
Most solutions discard packets for defensive approaches, which can cause legitimate packets to be dropped.
We propose MTDNS, a resilient MTD-based approach that employs Moving Target Defense techniques.
arXiv Detail & Related papers (2024-10-03T06:47:16Z)
- Optimizing Cross-Client Domain Coverage for Federated Instruction Tuning of Large Language Models [87.49293964617128]
Federated domain-specific instruction tuning (FedDIT) for large language models (LLMs) aims to enhance performance in specialized domains using distributed private and limited data. We empirically establish that cross-client domain coverage, rather than data heterogeneity, is the pivotal factor. We introduce FedDCA, an algorithm that explicitly maximizes this coverage through diversity-oriented client center selection and retrieval-based augmentation.
arXiv Detail & Related papers (2024-09-30T09:34:31Z)
- Say No to Freeloader: Protecting Intellectual Property of Your Deep Model [52.783709712318405]
Compact Un-transferable Pyramid Isolation Domain (CUPI-Domain) serves as a barrier against illegal transfers from authorized to unauthorized domains.
We propose CUPI-Domain generators, which select features from both authorized and CUPI-Domain as anchors.
We provide two solutions for utilizing CUPI-Domain based on whether the unauthorized domain is known.
arXiv Detail & Related papers (2024-08-23T15:34:33Z)
- Reduce to the MACs -- Privacy Friendly Generic Probe Requests [41.238757288366656]
This paper introduces generic probe requests.
By removing all unnecessary information from IEs, the requests become indistinguishable from one another.
We show that minimising IEs to nothing but Supported Rates would enable 82.55% of the devices to share the same anonymity set.
arXiv Detail & Related papers (2024-05-15T10:18:30Z)
- A Flow is a Stream of Packets: A Stream-Structured Data Approach for DDoS Detection [32.22817720403158]
We propose a new tree-based DDoS detection approach that operates on a flow as a stream structure.
Our approach matches or exceeds existing machine learning techniques' accuracy, including state-of-the-art deep learning methods.
arXiv Detail & Related papers (2024-05-12T09:29:59Z)
- TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain [8.38094558878305]
Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning.
This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records.
TI-DNS is easy to adopt, as it only requires modifications to the resolver side of the current DNS infrastructure.
arXiv Detail & Related papers (2023-12-07T08:03:10Z)
- The Evolution of DNS Security and Privacy [1.0603824305049263]
DNS is one of the fundamental protocols of the TCP/IP stack to protect against threats and attacks.
This study examines the risks associated with DNS and explores recent advancements that contribute towards making the DNS ecosystem resilient against various attacks while safeguarding user privacy.
arXiv Detail & Related papers (2023-12-01T06:14:25Z)
- Model Barrier: A Compact Un-Transferable Isolation Domain for Model Intellectual Property Protection [52.08301776698373]
We propose a novel approach called Compact Un-Transferable Isolation Domain (CUTI-domain).
CUTI-domain acts as a barrier to block illegal transfers from authorized to unauthorized domains.
We show that CUTI-domain can be easily implemented as a plug-and-play module with different backbones.
arXiv Detail & Related papers (2023-03-20T13:07:11Z)
This list is automatically generated from the titles and abstracts of the papers on this site.