May 6 – 7, 2021
UTC timezone
OARC 35 Day 1 - begins 01:00 UTC Today 6 May.

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

May 6, 2021, 4:30 AM
Standard Presentation Online Workshop OARC 35 Day 1


Sudheesh Singanamalla (Cloudflare Inc / University of Washington)


The Internet’s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this talk we present the implementation, measurement, and deployment of interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocol’s performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.

Primary authors

Sudheesh Singanamalla (Cloudflare Inc / University of Washington) Suphanat Chunhapanya (Cloudflare Inc) Jonathan Hoyland (Cloudflare Inc) Marek Vavruša (Cloudflare Inc) Tanya Verma (Cloudflare Inc) Peter Wu (Cloudflare Inc) Marwan Fayed (Cloudflare Inc) Kurtis Heimerl (University of Washington) Nick Sullivan (Cloudflare Inc) Christopher Wood (Cloudflare Inc)

Presentation materials