[sdnog] [Paper] Local and Internet Policy Implications of Encrypted DNS
sami at tpra.gov.sd
Tue Oct 29 17:22:02 SAST 2019
Thank you Fahd for sharing this useful document,
I will resend it to another thread to
enrich the discussion.
----- Original Message -----
From: Fahd Batayneh <fahd.batayneh at icann.org>
To: Sudan NOG <sdnog at sdnog.sd>
Sent: Mon, 28 Oct 2019 09:59:48 +0300 (EAT)
Subject: [sdnog] [Paper] Local and Internet Policy Implications of Encrypted DNS
Friends and Colleagues,
ICANN’s Office of the Chief Technology Officer (OCTO) have issued a new paper entitled “Local and Internet Policy Implications of Encrypted DNS”. The paper touches upon some emerging standards related to the domain name system such as DNS Over TLS (DoT), DNS Over HTTPS (DoH), and others
Since the creation of the Domain Name System (DNS), DNS traffic has been sent between computers and recursive resolvers in cleartext, meaning in-path observers could read the requests and responses. Recently, new technologies have been standardized to allow this DNS traffic to be encrypted, so that observers cannot see the information in the requests and responses. Deployment of these new technologies, particularly in browsers, is increasing.
The use of encryption for DNS traffic has numerous implications that are now being discussed in earnest in many different forums. Adding privacy to DNS traffic prevents eavesdroppers from gaining valuable information, but it can also prevent network administrators from using DNS as a way to enforce content, access, and other control policies. Recent discussions have shown that the way that DNS encryption is deployed has significant effects on enforcement of local policy. This paper discusses the ramifications of various proposed deployment strategies for encrypted DNS between end user computers and recursive resolvers.
The paper id available in PDF format here >> https://www.icann.org/en/system/files/files/octo-003-en.pdf.
Dr. Sami Salih | Assistant Professor
Sudan University of Science and Technology
Eastern Dum, P.O Box 11111-407
email: sami.salih at sustech.edu
More information about the sdnog