Query Name Minimization in DNS Resolvers Today


Jonathan Magnusson

The Domain Name System (DNS) is a vital service whose main purpose is to translate human-readable domain names to IP addresses, and it can therefore be regarded as critical Internet infrastructure. When it was implemented over 35 years ago, neither confidentiality, integrity nor privacy were part of its design. Multiple strategies have been proposed in the past years to make DNS lookups more secure and privacy preserving. In order to minimize the amount of information sent across the name server hierarchy, RFC 7816, known as query name minimization (qmin), was introduced to limit the exposure of query names by including in each request only the minimum number of labels necessary. A study published in 2019 measured qmin adoption on the Internet using both active measurements with RIPE Atlas probes and passive measurements at root and Top-Level Domain (TLD) name servers. In addition, controlled experiments were performed to measure the performance and result quality of three qmin-enabled open source resolvers. The goal of this study is to take a second look at qmin adoption a couple of years later, building on the same methodologies as the original study and introducing additional data sources for the passive measurements. The results show that the adoption of qmin has been increasing since the previous study. The active measurements with RIPE Atlas probes show an increase in qmin-enabled resolvers from 2500 in 2018 to almost 10000 in 2022. The active measurements on open resolvers show a qmin adoption increase from 1.6% to 16.42%. The passive measurements validating the categorization from the active measurements show that it is easier to correctly categorize a qmin-enabled resolver than one without qmin. The controlled experiments show a trend of a higher number of packets and lower error rates.
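To make the mechanism concrete, the following is an added simulation (not code from the thesis or from any measured resolver) of which query names the root, TLD and second-level servers see when one name is resolved with and without RFC 7816 qmin. The zone cuts are a constructed toy hierarchy and no network traffic is sent; the extra query for a name one label below the zone apex also illustrates why qmin tends to cost more packets.

```python
# Added example (not from the thesis): simulate which query names each
# authoritative name server sees when resolving one name, with and without
# RFC 7816 query name minimization (qmin). The zone cuts are a constructed
# toy hierarchy; no network traffic is involved.

ZONE_CUTS = {".", "com.", "example.com."}   # constructed: root, TLD, SLD apex


def ancestors(qname):
    """Return the chain of names from the root down to qname itself, e.g.
    'a.b.example.com.' -> ['.', 'com.', 'example.com.', 'b.example.com.',
    'a.b.example.com.']."""
    parts = [p for p in qname.rstrip(".").split(".") if p]
    chain = ["."]
    for i in range(len(parts) - 1, -1, -1):
        chain.append(".".join(parts[i:]) + ".")
    return chain


def classic_queries(qname, zone_cuts=ZONE_CUTS):
    """Without qmin: every zone on the delegation path receives the full
    query name. Returns (zone_asked, name_sent) pairs in order."""
    return [(zone, qname) for zone in ancestors(qname) if zone in zone_cuts]


def qmin_queries(qname, zone_cuts=ZONE_CUTS):
    """With qmin (RFC 7816): add one label at a time, asking the closest
    enclosing zone known so far; descend only on a referral (zone cut)."""
    queries = []
    zone = "."
    for child in ancestors(qname)[1:]:
        queries.append((zone, child))
        if child in zone_cuts:
            zone = child          # referral: next query goes to the child zone
    return queries


def labels_exposed(queries, zone):
    """Most labels of the query name ever revealed to the servers of `zone`."""
    return max((len(n.rstrip(".").split(".")) for z, n in queries if z == zone),
               default=0)


if __name__ == "__main__":
    name = "a.b.example.com."   # constructed: b.example.com. is not a zone cut
    for mode, fn in (("classic", classic_queries), ("qmin", qmin_queries)):
        qs = fn(name)
        print(f"{mode}: {len(qs)} queries; labels seen by root: "
              f"{labels_exposed(qs, '.')}, by com.: {labels_exposed(qs, 'com.')}")
        for zone, sent in qs:
            print(f"  ask {zone:<14} for {sent}")
```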