Analyst Chat

Analyst Chat #79: DNS and Privacy

Your DNS server knows what websites you use, what the name of your mail server is, and which corporate services you use while working from your home office. And there are even broader challenges when it comes to protecting sensitive personal data in that context. Alexei Balaganski and Matthias continue their conversation about a fundamental Internet resource, the Domain Name System, this time walking the fine line between technology and trust.

Welcome to the KuppingerCole analyst chat. I'm your host. My name is Matthias. I'm not I'm senior analyst and lead advisor with KuppingerCole analysts. My guest today is again Alexei Balaganski. He is a lead analyst with KuppingerCole and he is covering amongst other topics. The topics of cybersecurity. Hi Alexei.
Hello, Matthias. Thanks for hearing that again.
Great to have you again, man. This is important because we want to continue our discussion that we started in an earlier episode around the domain name system we covered in that earlier episode, the, um, aspects of cybersecurity threats against this domain name system. And today we want to continue our discussion looking at a different aspect, which is closely related, but quite different. We want to look at the domain name system and its relevance regarding privacy. When we look at domain name system. So if we look at what actually the system is, what it does, so it's resolves, um, symbolic names like www KuppingerCole dot com towards a technical address. And this is done by a service that is, um, an integral part of the internet from the very beginning of, almost from the very beginning. How can that really apply to privacy? How is this important, Alexei?
Yes. Well, Marty has just to recap quickly and what we discussed in our previous episode, yes, DNS is one of the big bones of the internet. It's also one of the earliest, uh, network services powering the internet, and obviously it was not designed with security in mind. One of the creative challenges of modern DNS is that it's completely, uh, plaintext on requests, uh, flowing between clients and in a silver star unencrypted totally in the clear or running through a well-known, uh, network port. So everyone can, uh, use the rope intercept and analyze them. And this obviously opens the amount of security challenges, which we have discussed in the previous episode, but you all right? Uh, privacy is a totally different beast. First of all, because privacy is not entirely based on technology is based on trust and trust is of course anything but technology, psychology, cultural issues, societal issues. When it comes to privacy, you talked about both down to the amount of inconvenience, uh, you have to, or you're, you're, you're willing to put up with, uh, in the tone to protecting your personal information, right? And many people are decided that, uh, even the slightest inconvenience isn't worth it. So they are ignoring privacy issue completely. This is where they are completely wrong.
So where do we actually see personal information? Um, when it comes to, uh, using the domain name system, I assume it's just mainly the information that you provide. When you want to use a service. When you want to contact a web server, a mail server, any kind of other service, then you would indicate that you want to use that server. And where you're coming from is this, this type of type of information that we're looking at.
Of course, this is the most obvious, uh, privacy related problems. So yes, every time you want to visit the website or want to connect to any kind of internet resource, you have to resolve its IP address, which means that you have to submit a query to the DNS server. And the owner of the DNS server always gets that information in the glare. So your internet provider or your employer, if you're working from an office, for example, they always know which resources you are visiting. Even as we all know that modern websites are usually completely encrypted through this TLS technology. So when we connect through HTTPS address, the actual content of the website is encrypted. But the very fact that you have visited that website event so everyone can know which two websites you have the team. And we all know that this can lead to all kinds of problems ranging from tiny personal inconvenience.
When you, for example, are shopping for a presence for your wife or to a much bigger challenges, if you are a dissident working undercover in a hostile, politically unstable country, for example. So this is the biggest challenge. What people tend to ignore maybe forget about is that DNS itself contains a lot of personal information. If you register a website, if you run a website you have to provide, or your address, your phone number, your email address, or just your name, if you will register the domain. And much of that information is freely available somewhere out there in that, uh, in a structure. And we all know the DNS, for example, isn't limited to geographical borders. So your personal information can freely flow around the world. And this is a major violation of many, uh, privacy regulations like GDPR.
So if we look at these different operations that we've, that you've mentioned. So on the one hand, there is these, these, uh, communication between the different zones. So the, the upload download of types of sown information, which can contain personal data in itself. And on the other hand, it's the usual user oriented, uh, communication between client, the DNS server, um, and the DNS infrastructure. So what is at stake is as a user, my personal IP address, where I am the communication between the me and the DNS server and everything that's the DNS server can expose, um, to the outer world. So there are, and of course there's stone transfer, um, information as this service is so long around, I would expect really that this transport in the clear that this, um, not having any kind of authentication and, and encryption in transit has been tackled before other solutions already available that look at these challenges, starting with the, with the end point with me and the overall infrastructure.
Well, yes and no. I mean, of course, uh, people have been working on different approaches to solve this problem. The challenge here is backwards compatibility. I mean, DNS is such an essential part of our modern internet. You cannot just rip it and replace with something totally new. It either has to be backwards compatible and that's leaking the same data, or you have to slowly upgrade all the clients, all the services, all the devices to support some kind of when you protocol. And the problem for example, is that some vendors, some technologies offer at least partial coverage of this challenge. At for example, even the simplest 3:00 PM virtual private network is always, almost always sold to customers as a privacy enhancing technology, which not just, uh, an opportunity to like watch American Netflix on Germany, but it's also hide the fact that you're watching Netflix for example, from work.
So the problem that, um, not every VPN provider, uh, is, uh, kind of the same technological proficiency, if you will. And even if you are connected through a VPN tunnel, your DNS might still be leaking and some really good, uh, VPN providers actually include the kill switch in their clients, which ensure that if something like that even occurs, your complete traffic will be immediately stopped. So your data isn't leaked, but even if it, uh, even if they do solve this challenge, it all, again, boils down to trust. If you do not trust your ISP, why should you trust your VPN provider more?
I think, yeah, that is an important question because, um, as you said, there, there are, um, DNS providers that do that as a commercial service. Um, one important, um, DNS provider is Google and plays an important role in the overall global DNS infrastructure. And you've mentioned that there are specialized, um, focused security, cyber security as a service providers that run DNS, um, as a secured service where they are paid for providing this service. So deciding which provider of DNS services is the one you would trust most is really a crucial, crucial decision to make sure that you understand what could happen, what might happen and, and what you see, what you can prevent by choosing one or the other option and where in the end you are ending up with. Yeah, the, the, the residual risk is trust trusting in the, in the, um, provide of the service.
Well, this is again where we have to really try to delineate the border between security and privacy. Unfortunately, sometimes it's a clear the economy where you have to choose either privacy or security, but not both. And this of course relates to almost Emory, uh, quote unquote enterprise grade DNS security solution, because the way, the idea of an enterprise security platform in that its primary goal is to prevent sensitive data leaks or data approaches to ensure that your corporate devices and compromised for example, but of course, to solve those challenges like that provider has to monitor everything you are doing, or at least what happens on your device on your behalf. So to say, and of course, when you are working from home, especially if you are, for example, an EU citizen into your information is protected by law, or sometimes kind of security collectors whose privacy, but luckily there are actually specifically designed privacy enhancing technologies are being developed nowadays specifically for DNS.
Uh, two of those, you've probably heard about this, uh, D O T and D or age on this, uh, DNS forward TLS, which is basically so traditional DNS query is sent on a standard encrypted tunnel. The other one is DNS or HTTPS, which is again, domain resolution queries converted into the standard HTTPS protocol, meaning that, or they works the same way as your normal site visits. And they're protected by the same technology in that regard. Nobody else can eavesdrop on your DNS traffics or CIA or Chinese hackers or your wife. I cannot know, recite your reality now, but of course the actual provider still know that, or it's again, up to you to decide, can you actually try to Google more than your wife? I wouldn't,
Yeah, I would not try to, I would try to avoid that discussion again, but basically, um, the, the, what we can by this, this, um, an cryption mechanisms either it's, it's directly at TLS or it's HTTPS, which is still as somewhere woven into HTTPS. Uh, but in the end it's, it's encryption of the traffic between me as the client, my endpoint, and the DNS server and all these DNS servers, um, among each other communicate also in an encrypted manner. So that part of the threat, the clear text transfer of the actual protocol data, um, is mitigated by this. But I think one problem with that is still around would be that I have to communicate with that server. And by that I disclose my IP address. I show who I am, so this community is, is lost. So there is still, um, a way that my, my existence, my using this office service, um, would still be disclosed. Are there other mechanisms in place that can help here as well?
Oh, of course. And there is a multitude of different mechanisms offered, uh, to mitigate that, uh, fundamental challenge. The problem with that again, can you trust them with mechanisms? For example, we all know about the tour or the annual router network, which is suppose that they're not just, uh, encrypted, but also completely anonymized. And again, unfortunately we know for sure that the Tor network was actually created as a strong support from American intelligence agencies, and those agencies have the technology to de-anonymize people working through that network against the same can, or at least partially apply to any other encrypted network. For example, whether you decided for Google CloudFlare or any other your age or DOD provider, or those companies would still know who you are. And there is some kind of an additional third party required to, or to break that connection between you and the other party.
And indeed, there are some interesting developments with that regard. One is for example, the oblivious aged technology, which is currently being developed by CloudFlare. And I think we discussed CloudFlare last time. It's one of the largest cloud-based security platforms and, or of course, I mean, they're already around millions of websites. They protect them from out of service attacks and so on. And of course it's in their interest to maintain that image, to maintain that, to offer this level of trust with their customers. And I believe you have your age or technology is exactly that introduces a trusted third party. It's usually a standalone company, or maybe even a non-commercial entity, which would ensure that, uh, whenever you submit an encrypted DNS query to a provider like CloudFlare, that provider would never know who you are. All those requests are running through those proxies and the proxies claim, not to ask you not to tell the other party who they represent at the moment.
Of course, again, it's up to you to decide whether you trust those claims or not, but well, absolute trust is impossible. I mean, that very notion of zero trust we've been discussing so much lately in the end, it's just, it's a philosophical idea. You would never actually achieved a hundred percent without making some kind of a compromise. And of course, or the compromise you make there got to a trusted, probably non-commercial third party. It's probably a compromise easier to make sense to decide whether you talk to Google or any other company which built their own business model around knowing as much as possible about you. So, yes, uh, DNS, uh, privacy enhancing technologies are already here. They are already built into much browsers like Chrome and Firefox. Unfortunately, they are still somewhat limited. Again, if you look at the Chrome settings now I'll probably find like four different options to select from one of those would be Google themselves and CloudFlare, and probably a couple of smaller providers in the future. We'll hopefully see more. And of course, a large enterprise company can decide to design in-house their own secure and privacy aware DNS infrastructure, or again, invest in a, in a managed service. And then again, uh, it almost down to assessing your risks, understanding the compromise between, uh, privacy requirements, compliance requirements and productivity and inconvenience. Nobody even, we cannot give a a hundred percent correct opinion on that. It's always up to you to decide,
Right? So identifying the, the, the, the, the right level of risk to accept is, is an important step. And that can really not taken over by anybody else than you yourself, or the organization itself, but given the appropriate level of trust. So we assume we have decided if we have a trusted partner, then we would have the protection of the endpoint through the proxy. We would have encrypted traffic between the client and, uh, the, the actual DNS server with an end to end security between the client, through the proxy, to the, um, to the DNS server and in the communication with the complete DNS backbone. But you said that this oblivious DNS over HTTPS, this Odie O H is an emerging standard. This is just growing. And what would be then a recommendation from our side, um, in general, um, you said the support is still is limited in some process. Um, so that means that these mechanisms are not in general use across all kinds of DNS clients, which is every internet application, every app on your smartphone. So endorse it, make sure people are using it. Would that be the right way forward?
Absolutely. And have you just, uh, rightfully mentioned, there is a fine difference between technology, uh, and access to that technology from different clients. The technology is already here, whether you decided for DOD or D or H or a couple of other alternatives, all of those already exist. Uh, you can, uh, run solar components somewhere, or let someone else run those. You can incorporate the client libraries into your software. Then again, this isn't something which is backwards compatible. You have to actively make sure that all your client devices, applications, uh, smartphones, microservices, IOT, devices, all support this new protocol to probably take another couple of years, but we are already quite far on that way. Supporting major browsers and major operating system is really a great step forward. But then again, technology alone, isn't enough. Technology alone cannot address your trust issues and to implement those oblivious to your age, for example, infrastructures, technology alone, isn't enough. You have to find that trusted party. You have to probably have a contract or some kind of an agreement with that party, which covers not just a technology or SLA or whatever, but also incorporates legal requirements and compliance, uh, clauses and so on. So here again, this is not something which we can give you or an ultimate answer about, but it's already here. And companies like CloudFlare are already offering at least some kind of initial implementations, pilot projects or technology that looks promising.
Yeah, that's, that's a great summary, but maybe one, one tiny thing to add is we as the customers and we, as the analysts, we can be in a position to also, um, yet to, to, um, expose our powers when it comes to creating services, when it comes to choosing services and make this, um, um, a requirement that is a prerequisite to make sure that services that we create, especially customer facing services that use DNS are in a situation that they can really leverage these new types of protocols that you all mentioned, maybe a final word for all who have not yet looked into that and who are providing these services. You might want to look at Odo H just Google for that. Look at oblivious, DNS over HTTPS, there are specifications, and there are examples around just make sure that you are on the more modern approach towards DNS. Alex, thank you very much. I've learned a lot about privacy and DNS, and that this still is an important factor. It's technology it's trust, and it's really all that is around the governance and the, the maintenance of this trust. Um, so again, thank you very much for being my guest today, Alex.
Well, thank you, Mathias. Bye-bye bye-bye