BIND to Add QNAME Minimization

We will be adding QNAME minimization in the next major version of named.

QNAME minimization is described in IETF RFC 7816. It is an important component of an overall DNS privacy strategy. This project will make it possible for the operator of a BIND resolver to configure it to minimize unnecessary information leakage. Data leaked through DNS lookups is increasingly stored and analyzed and can be used for surveillance purposes. Even worse, such surveillance does not require the sophistication of a government actor. Data is leaked routinely to every DNS system in the path of every user lookup if QNAME minimization is not in use, so all that is required is that those system operators collect and analyze the data. The information leaked is meta data only, related to the Internet resource the end user is seeking; it could disclose the existence of an email conversation, PGP key lookup of a correspondent, or research on sensitive topics or people.

The Open Technology Fund has generously agreed to sponsor this work. The mission of the OTF is to support Internet freedom. QNAME minimization is sponsored because of their focus on “Privacy enhancement, including the ability to be free from repressive observation and the option to be anonymous when accessing the internet.”

Anyone wishing to follow along or comment on this enhancement is welcome to join ISC’s Gitlab for BIND 9. This is issue #16.

Image of a woman with a finger over her lips with the text 'qname minimization'

Recent Posts

What's New from ISC

Someone on the Internet is committing fraud

Update posted June 27th, 2024 This was not the fraud we thought it was We have learned that emails we originally identified as abuse were sent by an external contractor engaged by ISC to conduct a focussed and short-term lead generation campaign.

Read post
Previous post: ISC GitLab for BIND