Skip to main content
Springer Nature Link
Log in

Improving Privacy for GeoIP DNS Traffic

  • Conference paper
  • First Online:
Quality, Reliability, Security and Robustness in Heterogeneous Systems (Qshine 2018)

  • 665 Accesses

Abstract

Many authoritative nameservers today support GeoIP feature. EDNS Client Subnet (ECS) extension helps GeoIP authoritative nameserver to address the public recursive resolver’s proximity IP problem. However, ECS raises some privacy concerns since recursive resolver leaks client subnet information on the resolution path to the authoritative nameserver. In this paper we introduce an EDNS ISP Location (EIL) extension, to make privacy improvement for GeoIP DNS traffic while preserve the ECS optimization on the end-user experience, reduce response latency, and increase cache-hit rate. We analysis 910.9K Chinese IPv4 CIDR/24 subnets, find that 479.9K TEL subnets, 234.0K UNI subnets, and 66.3K MOB subnets can enable EIL to optimize DNS traffic.

This is an extended version of an earlier extended abstract presented at the International Conference on Privacy, Security and Trust, 2018.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Amazon Route 53: Geolocation Routing. http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-geo

  2. Using the GeoIP Features in BIND 9.10. https://kb.isc.org/article/AA-01149/0

  3. DYN Predefined Geographic Groups of Traffic Director. https://help.dyn.com/traffic-director-predefined-geographic-regions/

  4. Gdnsd Plugin Geoip. https://github.com/gdnsd/gdnsd/wiki/GdnsdPluginGeoip

  5. PowerDNS GeoIP backend. https://doc.powerdns.com/md/authoritative/backend-geoip/

  6. Microsoft Use DNS Policy for Geo-Location Based Traffic Management with Primary Servers. https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/primary-geo-location

  7. Which CDNs support edns-client-subnet. http://www.cdnplanet.com/blog/which-cdns-support-edns-client-subnet/

  8. Contavalli, C., van der Gaast, W., Lawrence, D., Kumari, W.: Client Subnet in DNS Queries. RFC7871 (2016)

    Google Scholar 

  9. Kintis, P., Nadji, Y., Dagon, D., Farrell, M., Antonakakis, M.: Understanding the privacy implications of ECS. In: Caballero, J., Zurutuza, U., Rodríguez, Ricardo J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 343–353. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_17

    Chapter  Google Scholar 

  10. The privacy risk of edns-subnet-client (ECS). https://www.doileak.com/blog-Public-DNS-might-not-%20improve-privacy.html

  11. Bortzmeyer, S.: DNS privacy considerations. RFC 7626 (2015)

    Google Scholar 

  12. Grothoff, C., Wachs, M., Ermert, M., Appelbaum, J.: NSA’s MORECOWBELL: Knell for DNS

    Google Scholar 

  13. Hu, Z., et al.: Specification for DNS over Transport Layer Security (TLS). RFC 7858 (2016)

    Google Scholar 

  14. Dempsky, M.: Dnscurve: link-level security for the domain name system. Work in Progress, draft-dempsky-dnscurve-01 (2010)

    Google Scholar 

  15. DNSCrypt. https://dnscrypt.org/

  16. Wijngaards, W., Wiley, G.: Confidential DNS. IETF Draft (2015). https://tools.ietf.org/html/draft-wijngaards-dnsop-confidentialdns-03

  17. Kumari, W., Hoffman, P.: Decreasing Access Time to Root Servers by Running One on Loopback. RFC 7706 (2015)

    Google Scholar 

  18. Bortzmeyer, S.: DNS Query Name Minimisation to Improve Privacy. RFC7816 (2016)

    Google Scholar 

  19. Damas, J., Graff, M., Vixie, P.: Extension mechanisms for DNS (EDNS (0)). RFC 6891 (2013)

    Google Scholar 

  20. ISO 3166 Country Codes. http://www.iso.org/iso/country_codes

  21. Maxmind GeoIP2 City Database. https://www.maxmind.com/en/geoip-demo

  22. dns_test_eil. https://github.com/abbypan/dns_test_eil

  23. Pan, L., Fu, Y.: ISP Location in DNS Queries. IETF Draft (2017). https://datatracker.ietf.org/doc/draft-pan-dnsop-edns-isp-location/

Download references

Author information

Authors and Affiliations

  1. Geely Automobile Research Institute, Zhejiang, 315336, China

    Lanlan Pan & Jian Wang

  2. Chinese Academy of Sciences, Beijing, 100190, China

    Xuebiao Yuchi

  3. China Internet Network Information Center, Beijing, 100190, China

    Xin Zhang & Anlei Hu

Authors
  1. Lanlan Pan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xuebiao Yuchi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xin Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Anlei Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lanlan Pan .

Editor information

Editors and Affiliations

  1. Queen’s University Belfast, Belfast, UK

    Trung Q. Duong

  2. Institute of Fundamental and Applied Sciences, Duy Tan University, Ho Chi Minh City, Vietnam

    Nguyen-Son Vo

  3. Ho Chi Minh City University of Technology and Education, Ho Chi Minh City, Vietnam

    Van Ca Phan

Rights and permissions

Reprints and permissions

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Pan, L., Yuchi, X., Zhang, X., Hu, A., Wang, J. (2019). Improving Privacy for GeoIP DNS Traffic. In: Duong, T., Vo, NS., Phan, V. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Systems. Qshine 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 272. Springer, Cham. https://doi.org/10.1007/978-3-030-14413-5_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-14413-5_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-14412-8

  • Online ISBN: 978-3-030-14413-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics