CVE 25th Anniversary
On the long-term scale of human history, 25 years is nothing.
Read postWe will be adding QNAME minimization in the next major version of named
.
QNAME minimization is described in IETF RFC 7816. It is an important component of an overall DNS privacy strategy. This project will make it possible for the operator of a BIND resolver to configure it to minimize unnecessary information leakage. Data leaked through DNS lookups is increasingly stored and analyzed and can be used for surveillance purposes. Even worse, such surveillance does not require the sophistication of a government actor. Data is leaked routinely to every DNS system in the path of every user lookup if QNAME minimization is not in use, so all that is required is that those system operators collect and analyze the data. The information leaked is meta data only, related to the Internet resource the end user is seeking; it could disclose the existence of an email conversation, PGP key lookup of a correspondent, or research on sensitive topics or people.
The Open Technology Fund has generously agreed to sponsor this work. The mission of the OTF is to support Internet freedom. QNAME minimization is sponsored because of their focus on “Privacy enhancement, including the ability to be free from repressive observation and the option to be anonymous when accessing the internet.”
Anyone wishing to follow along or comment on this enhancement is welcome to join ISC’s Gitlab for BIND 9. This is issue #16.
What's New from ISC