Understanding the Privacy Implications of ECS

Panagiotis Kintis, Yacin Nadji, David Dagon, Michael Farrell and Manos Antonakakis
13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)

The edns-client-subnet (ECS) is a new extension for the Domain Name System (DNS) that delivers a “faster Internet” with the help of client-specific DNS answers. Under ECS, recursive DNS servers (recursives) provide client network address information to upstream authorities, permitting topologically localized answers for content delivery networks (CDNs). This optimization, however, comes with a privacy penalty that has not yet been studied. Our analysis concludes that ECS makes DNS communications less private: the potential for mass surveillance is greater, and stealthy, highly targeted DNS poisoning attacks become possible. Despite being an experimental extension, ECS is already deployed, and users are expected to “opt out” on their own. Yet, there are no available client-side tools to do so. We describe a configuration of an experimental recursive tool to reduce the privacy leak from ECS queries in order to immediately allow users to protect their privacy. We recommend the protocol change from “opt out” to “opt in”, given the experimental nature of the extension and its privacy implications.