On Fri, Jun 19, 2015 at 8:38 AM, <internet-dra...@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations Working
> Group of the IETF.
>
> Title : DNS query name minimisation to improve privacy
> Author : Stephane Bortzmeyer
> Filename : draft-ietf-dnsop-qname-minimisation-04.txt
> Pages : 11
> Date : 2015-06-19
>
> Abstract:
> This document describes one of the techniques that could be used to
> improve DNS privacy (see [I-D.ietf-dprive-problem-statement]), a
> technique called "QNAME minimisation", where the DNS resolver no
> longer sends the full original QNAME to the upstream name server.
>
> REMOVE BEFORE PUBLICATION Discussions of the document should take
> place on the DNSOP working group mailing list [dnsop].
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-qname-minimisation/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-04
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-qname-minimisation-04
>

At the end of section 6 it says:
    A possible solution is to always use the traditional algorithm when
    the cache is cold and then to move to QNAME minimisation. This will
    decrease the privacy a bit.

Every time the TTL of those records expires, that part of the cache is "cold", so it will happen regularly, and over time any repeated query will show up in the logs, so I think it affects privacy much more than "a bit" and should be avoided completely if privacy is a concern. Does that make sense?
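To make the TTL argument concrete, here is an added toy simulation (not code from the draft, the poster, or any resolver) of what the servers above the leaf zone see under the traditional algorithm, QNAME minimisation, and the section 6 hybrid, when one name is re-asked every ten minutes and the leaf delegation keeps expiring. The name, the two zone cuts and the delegation TTLs are constructed; since the draft does not define "cold", the `any_miss_is_cold` flag selects between two readings of it.

```python
from collections import Counter

# Constructed model, not real resolver code: one name, two zone cuts below
# the root, and made-up delegation TTLs (a long TLD delegation, a short one
# for the leaf zone). Times are in seconds.
QNAME = "www.example.com."
CUTS = [("com.", 172800), ("example.com.", 3600)]   # (zone, delegation TTL)
LEAF = CUTS[-1][0]

def resolve(cache, now, mode, any_miss_is_cold=True):
    """Resolve QNAME once at time `now`, returning (server, name_sent) pairs.

    cache: zone -> expiry time of its cached delegation (mutated in place).
    mode:  'traditional' (full QNAME to every server), 'minimised' (only the
           next zone cut), or 'hybrid' (the section 6 idea: traditional while
           the cache is cold, minimised afterwards).
    The draft leaves "cold" undefined; any_miss_is_cold picks between "any
    delegation on the path has expired" and "every delegation has expired".
    """
    missing = [z for z, _ in CUTS if cache.get(z, 0) <= now]
    cold = bool(missing) if any_miss_is_cold else len(missing) == len(CUTS)
    full = mode == "traditional" or (mode == "hybrid" and cold)
    sent, server = [], "."            # start at the root servers
    for zone, ttl in CUTS:
        if zone not in missing:       # delegation still cached: skip this hop
            server = zone
            continue
        sent.append((server, QNAME if full else zone))
        cache[zone] = now + ttl       # cache the delegation we just learned
        server = zone
    sent.append((server, QNAME))      # the leaf zone must see the full name
    return sent

def full_qname_exposures(mode, any_miss_is_cold=True, period=600, hours=4):
    """Count, per server above the leaf zone, how often it sees the full
    QNAME when the same name is asked every `period` seconds for `hours`."""
    cache, seen = {}, Counter()
    for now in range(0, hours * 3600, period):
        for server, name in resolve(cache, now, mode, any_miss_is_cold):
            if server != LEAF and name == QNAME:
                seen[server] += 1
    return dict(seen)

if __name__ == "__main__":
    for mode in ("traditional", "minimised", "hybrid"):
        print(mode, full_qname_exposures(mode))
    print("hybrid, cold = everything expired:",
          full_qname_exposures("hybrid", any_miss_is_cold=False))
```

Under the "any expired delegation is cold" reading the hybrid exposes the full name to the com. servers at every leaf TTL expiry, exactly as often as the traditional algorithm; under the stricter reading it leaks once per run, which is still more than pure minimisation ever does.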
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop