Understanding the Privacy Implications of DNSSEC Look-Aside Validation

Abstract

DNSSEC Look-aside Validation (DLV) is examined, highlighting its lax specifications and privacy implications. By performing extensive experiments over datasets of domain names under comprehensive experimental settings, our findings firmly confirm the privacy leakages caused by DLV. We discover that a large number of domains that should not be sent to DLV servers are being leaked. We explore the root causes, and propose two approaches to fix the privacy leakages.