The Domain Name System (DNS) is central to all Internet user activity, resolving accessed domain names into Internet Protocol (IP) addresses. As a result, curious DNS resolvers can learn everything about Internet users' interests. Public DNS resolvers are rising in popularity, offering low-latency resolution, high reliability, privacy-preserving policies, and support for encrypted DNS queries. However, client-resolver traffic encryption, increasingly deployed to protect users from eavesdroppers, does not protect users against curious resolvers. Similarly, privacy-preserving policies are based solely on written commitments and do not provide technical safeguards. Although DNS query relay schemes can separate duties to limit the data accessible to each entity, they cannot prevent colluding entities from sharing user traffic logs. Thus, a key challenge remains: organizations operating public DNS resolvers, which account for the majority of DNS resolutions, can potentially collect and analyze massive volumes of Internet user activity data. With DNS infrastructure that cannot be fully trusted, can we safeguard user privacy? We answer positively and advocate for a user-driven approach to reduce exposure to DNS services. We will discuss the key ideas of the proposal, which aims to achieve a high level of privacy without sacrificing performance: maintaining low latency and low network bandwidth, memory/storage, and computational overhead.