ETNO position on DNS over HTTPS (DoH)
Executive summary
The Domain Name System (DNS) is a critical element of the Internet infrastructure. DNS resolvers in particular play an essential role for operators and Internet Service Providers in providing access to the web for their customers. These resolvers are intermediaries that see the vast majority of DNS traffic sent today from and to their end-users to access the Internet, from web content to cloud infrastructures.
A new protocol, “DNS over HTTPS” (or DoH), was developed in order to enhance user privacy and security. Its publication was followed by various announcements from browser makers on the deployment of the protocol. ETNO is of the opinion that, as a protocol, DoH may provide some improvement to currently deployed DNS technology. However, the foreseen deployment models raise a number of issues, not least related to policy, law enforcement, user privacy and governance.
The deployment models of DoH will have a technical impact on operators, as well as a significant policy impact. Investigating and blocking malicious content risks becoming more difficult, with operators no longer being able to comply with legal requests for blocking; and the impact of a failure will be multiplied because of a single point of failure. Less accountability, less transparency, and reduced geographical diversity among public DNS resolvers may have broader impacts on existing EU policies which rely on a secure and transparent Internet ecosystem: ePrivacy, eEvidence, data and competition, and digital services.
ETNO calls for a broader, international discussion – beyond the technical community – to consider the non-technical consequences related to data protection, regulation, competition and law enforcement. Policymakers should review DoH technology and its deployment models to consider its policy implications, while the technical community should work together to develop mechanisms to address the negative technical impacts.