Document Type

Conference Paper

Publication Date

2021

DOI

10.1145/3442381.3450084

Publication Title

WWW'21: Proceedings of the Web Conference 2021

Pages

484–495

Conference Name

WWW '21: The Web Conference 2021, April 19-23, 2021, Ljubljana, Slovenia

Abstract

DNS traffic is transmitted in plaintext, resulting in privacy leakage. To combat this problem, secure protocols have been used to encrypt DNS messages. Existing studies have investigated the performance overhead and privacy benefits of encrypted DNS communications, yet little has been done from the perspective of censorship. In this paper, we study the impact of the encrypted DNS on Internet censorship in two aspects. On one hand, we explore the severity of DNS manipulation, which could be leveraged for Internet censorship, given the use of encrypted DNS resolvers. In particular, we perform 7.4 million DNS lookup measurements on 3,813 DoT and 75 DoH resolvers and identify that 1.66% of DoT responses and 1.42% of DoH responses undergo DNS manipulation. More importantly, we observe that more than two-thirds of the DoT and DoH resolvers manipulate DNS responses from at least one domain, indicating that the DNS manipulation is prevalent in encrypted DNS, which can be further exploited for enhancing Internet censorship. On the other hand, we evaluate the effectiveness of using encrypted DNS resolvers for censorship circumvention. Specifically, we first discover those vantage points that involve DNS manipulation through on-path devices, and then we apply encrypted DNS resolvers at these vantage points to access the censored domains. We reveal that 37% of the domains are accessible from the vantage points in China, but none of the domains is accessible from the vantage points in Iran, indicating that the censorship circumvention of using encrypted DNS resolvers varies from country to country. Moreover, for a vantage point, using a different encrypted DNS resolver does not lead to a noticeable difference in accessing the censored domains.

Comments

© 2021 IW3C2 (International World Wide Web Conference Committee)

This paper is published under the Creative Commons Attribution 4.0 International (CC-BY 4.0) license. Authors reserve the rights to disseminate the work on their personal and corporate Web sites with the appropriate attribution.

Original Publication Citation

Jin, L., Hao, S., Wang, H., & Cotton, C. (2021). Understanding the impact of encrypted DNS on internet censorship. In Proceedings of the Web Conference 2021 (WWW'21) April 19-23, 2021, Ljubljana, Slovenia. ACM, New York, NY, USA, 484-495. https://doi.org/10.1145/3442381.3450084

ORCID

0000-0001-7483-5252 (Hao)
