Cloudflare, Apple, and Fastly have co-designed and proposed a new DNS standard to tackle ongoing privacy issues associated with DNS.
On Tuesday, Cloudflare's Tanya Verma and Sudheesh Singanamalla announced support for the new standard[1], which separates IP addresses from queries, a measure that, it is hoped, will mask requests and make it more difficult for users to be tracked online.
The Domain Name System (DNS), which has underpinned online architecture for years, in its basic form still sends queries without encryption. Therefore, anyone lurking on network paths between your device and DNS resolvers can view queries that contain hostnames -- or website addresses requested -- and IP addresses.
DNS over HTTPS (DoH) and DNS over TLS (DoT) were engineered to safeguard these paths through Internet Engineering Task Force (IETF) standardized DNS encryption, reducing the risk of queries being intercepted or modified -- for example, by preventing attackers from redirecting users from legitimate domains to malicious addresses. Third parties, such as ISPs, also find it more difficult to trace website visits when DoH is enabled.
DoH deployment is on the cards for many major browser providers[3], although rollout plans are ongoing. Now, Oblivious DNS over HTTPS (ODoH) has been proposed by Cloudflare -- together with partners PCCW Global, Surf, and Equinix -- to improve on these models by adding an additional layer of public key encryption and a network proxy.
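As an added illustration of the split the article describes (not code from Cloudflare, the ODoH draft, or the research cited below), the Python below walks one query through a proxy and a target: the client encrypts the query to the target's public key, the proxy sees the client's address and only an opaque blob, and the target sees the query but only the proxy's address. The Diffie-Hellman group and XOR keystream are toy stand-ins for the HPKE that real ODoH uses, and the IP addresses and query are constructed.

```python
import hashlib
import os

# Toy Diffie-Hellman group: a Mersenne prime with generator 3. Constructed for the
# demo only; real ODoH uses HPKE (e.g. X25519 plus an AEAD), not this.
P = 2**127 - 1
G = 3

def keygen():
    """Return (secret, public) for the toy group."""
    sk = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
    return sk, pow(G, sk, P)

def _keystream(shared, n):
    """Expand the shared secret into n bytes; stand-in for HPKE's KDF + AEAD."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(shared.to_bytes(16, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def client_encrypt(target_pk, query):
    """Client side: ephemeral key + target's public key -> opaque blob for the proxy."""
    esk, epk = keygen()
    shared = pow(target_pk, esk, P)
    return epk, bytes(a ^ b for a, b in zip(query, _keystream(shared, len(query))))

def target_decrypt(target_sk, epk, blob):
    """Target side: recover the query; only the holder of target_sk can do this."""
    shared = pow(epk, target_sk, P)
    return bytes(a ^ b for a, b in zip(blob, _keystream(shared, len(blob))))

def odoh_round_trip(client_ip, query):
    """Walk one query client -> proxy -> target and record what each hop observes."""
    target_sk, target_pk = keygen()          # the target publishes target_pk
    epk, blob = client_encrypt(target_pk, query)
    # Proxy: knows who asked (client_ip) but holds only an opaque blob.
    proxy_view = {"client_ip": client_ip, "blob": blob}
    # Target: receives the blob from the proxy's address, never the client's.
    target_view = {"source_ip": "proxy.example", "query": target_decrypt(target_sk, epk, blob)}
    return {"proxy": proxy_view, "target": target_view}

if __name__ == "__main__":
    print(odoh_round_trip("203.0.113.7", b"www.example.com"))  # constructed inputs
```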
Research conducted by Princeton University and the University of Chicago, "Oblivious DNS: Practical Privacy for DNS Queries[4]," (.PDF) published in 2019 by Paul Schmitt, Anne Edmundson, Allison Mankin, and Nick Feamster, provided the inspiration for the new standard proposal.
The overall aim of ODoH is to decouple