Recent developments to encrypt the Domain Name System (DNS) have resulted in major browser and operating system vendors deploying encrypted DNS functionality, often enabling various configurations and settings by default. In many cases, default encrypted DNS settings have implications for performance and privacy; for example, Firefox's default DNS setting sends all of a user's DNS queries to Cloudflare, potentially introducing new privacy vulnerabilities. In this paper, we confirm that most users are unaware of these developments -- with respect to the rollout of these new technologies, the changes in default settings, and the ability to customize encrypted DNS configuration to balance user preferences between privacy and performance. Our findings suggest several important implications for the designers of interfaces for encrypted DNS functionality in both browsers and operating systems, to help improve user awareness concerning these settings, and to ensure that users retain the ability to make choices that allow them to balance tradeoffs concerning DNS privacy and performance.