Privacy and Data Protection in the Domain Name System

The ongoing discourse on Internet privacy tends to focus on how to ensure that personal data at endpoints, i.e. either on user devices or on servers in domains under the control of service providers, are collected and processed according to user's privacy expectations and existing privacy regulations. However, one important yet often missing aspect from public debates on privacy is the impact of the underlying, for users often hidden, Internet infrastructure to the fundamental right to informational self-determination. A key critical infrastructure component of the Internet is the Domain Name System (DNS).As the so-called "address book of the Internet", DNS provides name resolution functions for Internet services, the most important of which is translating domain names into Internet Protocol (IP) addresses, and vice versa. Although an ever-growing number of Internet services are switching to encrypted communication hiding sensitive information from eavesdroppers, the unencrypted and unauthenticated DNS protocol remains a crucial privacy and cyber-security weak spot in the overall Internet infrastructure. The hierarchical and centralized design of the DNS allows various entities, including commercial and state entities to monitor online activities of Internet users and draw sensitive inferences about them, thus ultimately undermining individuals' right to privacy. At the same time, existing countermeasures are either theoretical, in an early stage of development or just not widely deployed or adopted. This paper focuses on privacy issues in DNS. We begin by providing a brief overview of how DNS works and a review of the different adversaries in the DNS infrastructure. Based on this analysis, we discuss resulting privacy threats to the end user and analyze related countermeasures from academia and standardization bodies.