zlacker

1. cm2187+(OP) 2019-10-04 08:29:11
I don’t understand the privacy reason. If I am querying for domain x, why does it matter that domain x’s DNS servers know what IP I am querying them from? I am going to hit their web server directly with that very same IP in a few milliseconds anyway.
replies(1): >>tomato+D4
2. tomato+D4 2019-10-04 09:39:46
>>cm2187+(OP)
There are a few reasons. Here are three I can think of off the top of my head:

Many browsers prefetch DNS for links on webpages these days. So it’s entirely possible and even common that you may query DNS for sites you never visit, which would indeed be a privacy leak.

Secondly, many sites have their DNS hosted elsewhere so it may not be the same people you are leaking the information to.

Thirdly, if the DNS query is transmitted to the site’s DNS servers in plain text (which most DNS is), then despite eSNI etc., anyone who has access to the wire traffic along the route from the DNS proxy to the site’s DNS servers (which is probably different from the route your own traffic takes to their servers) can see which site you wanted to access.
