Towards a less intrusive DNS
07 April 2015 - By Stéphane Bortzmeyer
Afnic is working with, among others, the Council of European National Top Level Domain Registries (CENTR) and the Internet Engineering Task Force (IETF) on enhancing the protection of privacy for DNS users.
The DNS is a little-known but crucial element of the Internet infrastructure. Given the current widespread concerns about privacy, the relation between the DNS protocol and privacy is being examined in closer detail. Every Internet user makes extensive use of the DNS, even if they are not aware of doing so and know nothing about the DNS or domain names. Whenever a user sends a message or clicks a hyperlink, and whenever their computer updates its software, a DNS query (and frequently more than one) is sent. But whereas the privacy issues related to the HTTP Web protocol have been discussed at length (consider the discussions surrounding "is the explicit consent of the user a prerequisite to placing cookies?" or "is the IP address nominative data?"), those related to the DNS were first ignored, and then studied only within a small circle of experts, mainly within the IETF. The upcoming release of the RFC "DNS privacy considerations" will be the first official sign of that interest.
What precisely are the privacy issues raised by the DNS? Imagine that you visit the website of Alcoholics Anonymous. You enter the domain name, select it as a bookmark, or find it using a search engine. In each case, your Web browser will issue a DNS query to find the information associated with the domain name. The managers of the DNS servers that process the query, and any third parties who spy on the network, will know what you do on the web, which might not please you. Of course, the HTTP connection itself will also reveal things about your visit. But there are two specific reasons for considering the role of the DNS: the first is that the other protocols are gradually being secured against surveillance, and that the DNS, if nothing is done, could become the "weakest link" in privacy; the second is that the DNS involves other stakeholders. For example, if a French resident visits a French website, they may feel that foreign stakeholders cannot keep track of their activities, since apparently everything takes place on French territory. But that "security analysis" is too simplistic. If, for example, the website has a name under the .com TLD, the DNS queries are processed and observed by American servers, although the client and HTTP server are both in France.
Note that we are referring here to the necessary confidentiality of the queries. The data are much less of a problem since they are public. In other words, it is not the IP address of Alcoholics Anonymous that should be kept confidential, but the fact that Mr. Jones has requested it.
We must therefore strengthen the protection of privacy in the DNS. Afnic has been involved in this process since its inception, first within CENTR and then within the IETF, and was a driving force even before Edward Snowden's revelations: the work began at the General Meeting of CENTR in Amsterdam in June 2013. The IETF meeting in Vancouver in November 2013 was an opportunity to transfer this task to the main Internet standards body.
The usual method for improving the protection of privacy has two steps: minimize the amount of data sent, and encrypt the transfer. The first protects against indiscreet servers, among other things; the second protects against a third party who may be eavesdropping on the network. Both approaches are necessary, since they do not protect against the same adversaries.
Today, three tasks are being carried out by the IETF:
- documenting the issue: this will be the role of the future DNS privacy considerations RFC mentioned above. There may not be any perfect technical solutions, but at least a reference document on the issues related to the DNS will be available to the Internet stakeholders who perform security analysis. The following two tasks focus on the solutions (the two steps I mentioned above).
- encrypting DNS traffic, as far as possible. The technical issues involved are being hotly discussed, with several solutions proposed. Once adopted, the solution selected will be deployed in all of the DNS servers, including the resolvers and authoritative servers (such as those managed by Afnic).
- minimizing the amount of data sent, by no longer sending the full query to all of the servers (including those of the root zone). Today, if Mr. Jones issues a DNS query for tracker.thepiratebay.se, the root servers (and all other DNS servers involved) see the full query, when it would be enough to ask them about the .se name servers, since they only know the TLD. This is the mechanism suggested by the future "QNAME minimization" RFC. Once adopted, it should be deployed in a particular category of DNS servers, the resolvers.
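The following is an added example, not part of the original article: a small offline simulation of the resolution path for the name used above, comparing what each server sees with and without QNAME minimisation. The zone cuts are constructed for illustration, and using the NS query type for the intermediate questions is an assumption of this sketch.

```python
"""Which server sees which question, with and without QNAME minimisation."""

# Constructed zone cuts below the root (illustrative, not live DNS data).
DELEGATIONS = {"se.", "thepiratebay.se."}


def split_labels(name):
    return [label for label in name.lower().rstrip(".").split(".") if label]


def suffix(labels, n):
    """Absolute name built from the last n labels."""
    return ".".join(labels[-n:]) + "."


def classic_trace(qname, qtype, delegations):
    """Traditional resolution: the full question goes to every server on the path."""
    labels = split_labels(qname)
    full = suffix(labels, len(labels))
    trace = [(".", full, qtype)]
    for n in range(1, len(labels) + 1):
        if suffix(labels, n) in delegations:
            trace.append((suffix(labels, n), full, qtype))
    return trace


def minimised_trace(qname, qtype, delegations):
    """Minimised resolution: ask each server only for one more label (as NS)."""
    labels = split_labels(qname)
    zone, trace = ".", []
    for n in range(1, len(labels)):
        candidate = suffix(labels, n)
        trace.append((zone, candidate, "NS"))
        if candidate in delegations:   # referral: continue at the child zone
            zone = candidate
    trace.append((zone, suffix(labels, len(labels)), qtype))
    return trace


def seen_by(trace, zone):
    """Query names that the servers of `zone` observed."""
    return {name for server, name, _ in trace if server == zone}


if __name__ == "__main__":
    for label, fn in (("classic", classic_trace), ("minimised", minimised_trace)):
        print(label)
        for server, name, qtype in fn("tracker.thepiratebay.se", "A", DELEGATIONS):
            print(f"  servers of {server:<18} see {name} {qtype}")
```

When a label is not a zone cut, the same server is simply asked again with one more label, so the full name is still disclosed only to the servers of the deepest zone.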
As was said before, Afnic has been a pioneer in this task and will continue to make every effort to see it is completed.