Security and Privacy for public DNS Resolvers

Publication date: February 10, 2022

Domain Name System (DNS) resolution is a hierarchical distributed system of protocols and systems whose main purpose is to map human-friendly domain names, such as www.example.com, to machine-readable IP addresses, such as 123.123.123.123. DNS resolution is both highly critical and highly sensitive, and traditionally this service is provided locally by Internet Access Providers for their customers. Recently there has been a shift from these private DNS resolvers to publicly accessible DNS resolvers. These resolvers tend to offer advanced security and protection features out of the box, such as encryption of user requests and blocking of malicious domains, that aim to attract users to their services. In this paper, we analyse this shift in the market and some of its major drivers, such as encryption, service outages and DNS blocking. We also analyse the security and resilience advantages (such as geographic spread) and drawbacks (such as loss of enterprise network traffic visibility) of public DNS resolvers.