Designing for Tussle in Encrypted DNS



Austin Hounsel, Paul Schmitt, Kevin Borgolte, Nick Feamster


Proceedings of the 20th Workshop on Hot Topics in Networking (HotNets), November 2021


Recent concerns over the privacy implications of the Domain Name System (DNS) have led to encrypting DNS queries and responses through protocols like DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). Although the trend towards encryption is a positive development, the accompanying centralization of the DNS has fomented tussles involving ISPs, browser and device vendors, content delivery networks, and users. This paper articulates several current DNS tussles and offers principles to guide system design and implementation such that all stakeholders in the space could participate. We argue that refactoring name resolution in a stub resolver that is separate from devices and applications can preserve the benefits of encrypted DNS while satisfying other architectural desiderata, including performance, resilience, and privacy.


  title     = {{Designing for Tussle in Encrypted DNS}},
  author    = {Hounsel, Austin and Schmitt, Paul and Borgolte, Kevin and Feamster, Nick},
  booktitle = {Proceedings of the 20th Workshop on Hot Topics in Networking (HotNets)},
  date      = {2021-11-10},
  doi       = {10.1145/3484266.3487383},
  edition   = {20},
  editor    = {Yu, Minlan and Vanbever, Lauren},
  location  = {Online},
  publisher = {Association for Computing Machinery (ACM)},
  url       = {}