D'oh! Mozilla to road test privacy-protecting DNS encryption

DNS-Over-HTTPS set for week of performance tests

Reg comments Got Tips?

Last year, an IETF working group mulled whether HTTPS is a suitable mechanism to protect internet users' domain name requests from prying eyes. Now Mozilla has decided to lend a hand by testing a DNS-Over-HTTPS (yes, the acronym is DOH) implementation.

Mozilla's planned week-long test is no surprise, since as we reported in December last year, one of the DOH coauthors is Moz developer Patrick McManus.

Firefox Quantum branding

Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry

READ MORE

McManus told us at the time that DOH provides more than just privacy – it also helps guarantee the integrity of the response users receive to their requests. Because the DNS response is invisible between responder and user, ISPs and others in the end-to-end network chain can't interfere in the responses.

The basis of the Mozilla test is a Trusted Recursive Resolver, TRR - the resolver that secures DNS requests and responses. DNS requests will be handled by conventional infrastructure at the same time as over DOH, with results for the latter providing measurement and telemetry before being discarded.

In this Bugzilla post, Daniel Stenberg explained that the developers want to gather information about “resolver timings, connection error rates and http response code changes.”

If possible, Stenberg and McManus hope there's enough data to break the results down geographically, because it would help measure the network topology's impact on performance.

McManus posted a separate announcement about the trial here.

The DOH test responder will be hosted at Cloudflare, which sparked a privacy debate on the two lists relating to user privacy. Both McManus and Stenberg pointed out that today's DNS doesn't protect users at all, and that the contract between Mozilla and Cloudflare ensures that the latter can't make any use of personally-identifiable information (not even the requester's IP address).

The third revision to DOH was published in February, and McManus wrote he expects it to go to a "final call" in the working group soon. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020