DNS (Domain Name System) is one of the basic protocols of the Internet. Almost no application can work without DNS name resolution. Unfortunately, the classic DNS protocol was never designed to protect end-user privacy.
After a few years of relative calm, the IETF has intensified its work on privacy in the DNS, and new DNS protocols have been standardized: DoT (DNS over TLS) and DoH (DNS over HTTPS).
With the initial euphoria about the prospect of encrypted DNS over, disillusionment has been spreading in the IT community: the first implementations of DoH in major web browsers raise concerns that privacy-sensitive data will be collected centrally at US cloud providers, a step backwards for user privacy.
But the story is not over yet. New protagonists Apple and Microsoft have joined the fray with new and interesting ideas about DNS encryption.
In this talk we will:
* review the reason for concern about DNS privacy
* explain the new protocols DoT and DoH
* present the current (September 2020) status of DoH/DoT deployment
* look at new work from the IETF Adaptive DNS Discovery (ADD) Working Group: Oblivious DoH (oDoH) and Adaptive DNS resolver discovery
* provide an update on the latest advances from Apple and Microsoft