Agencja Unii Europejskiej ds. Cyberbezpieczeństwa, Bezpieczeństwo i prywatność publicznych serwerów DNS

FEBRUARY 2022

SECURITY AND PRIVACY OF PUBLIC DNS RESOLVERS

EXECUTIVE SUMMARY

Domain Name System (DNS) resolution is a distributed system of protocols and registers, whose main purpose is to map the human friendly domain names, such as www.example.com, to machine readable IP addresses, such as 123.123.123.123. DNS resolution is both highly critical and highly sensitive, and traditionally this service is provided locally by internet access providers for their customers.

For years there has been a shift towards public DNS resolvers, either large-scale ones such as Google and Cloudflare or smaller ones like the European non-profit Quad9 and Canadian Shield, a DNS resolution service provided by the Canadian top-level domain registry CIRA to Canadian citizens. These resolvers tend to offer advanced security and protection features outof-the-box, such as encryption of user requests and blocking of malicious domains, that aim to attract users to their services.

In this paper, we analyse this shift...