OARC Neutrality

In this blogpost we outline OARC’s position regarding DNS-over-TLS, DNS-over-HTTPS and related technologies.

Mission

Ensuring that the DNS infrastructure and traffic is secure aligns well with OARC’s mission, and with DNSSEC now widely available to detect tampering with the integrity of DNS traffic, it’s clear the next effort should focus on protecting the privacy of DNS traffic against interception while in transit.

Role

Part of OARC’s role is to help bridge the gap between DNS protocol standards/development and actual operational practice, and we aim to support this process in the industry for encrypted DNS as we have for other new DNS technologies.

Support

OARC supports the development of DNS technologies based on open, interoperable standards and open-source software. At the same time, we are careful to be neutral regarding the various competing technologies that are on offer, and do not prefer one technology over another where there are diverse offerings.

… we are careful to be neutral regarding the various competing technologies that are on offer, and do not prefer one technology over another where there are diverse offerings …

We thus don’t take a view on whether DoT, DoH, or other potential encrypted DNS technologies are superior to each other. This is in line with OARC’s neutrality policy, that stems from our roots as a membership organization with over 100 organizations that are sometimes competitors yet strive to work together for a better DNS.

Approach

Our approach is to support the scientific method for determining which DNS technologies are best suited in diverse environments, through data collection, measurement and testing, and open sharing and peer-review of results/knowledge within the community.

Industry support to OARC

To this end, we are very pleased to announce that OARC has been awarded funding by two grant bodies to add capabilities to our dnsperf performance testing tool which include enhanced support for DoT and DoH.

These are from the Mozilla Open Source Support (MOSS) program, and the Comcast Innovation Fund.

[The grants build] on OARC’s longstanding support from and to the DNS community, allowing us to combine these grants to build the tools and ecosystem needed to measure, analyze and support encrypted DNS.

The funded works includes a re-factoring of dnsperf’s’ code to make it more stand-alone and future proof, addition of session management capabilities more suited to connection-oriented DNS testing, and full DoH support. This builds on OARC’s longstanding support from and to the DNS community, allowing us to combine these grants to build the tools and ecosystem needed to measure, analyze and support encrypted DNS.

The addition of DoH/DoT capabilities to our existing dnsperf tool is in line with OARC’s neutral, evidence-based approach — it will allow testing, measurement, comparison and analysis of the various different encrypted technologies. We are hopeful it will generate some answers about the merits of the various approaches to Encrypted DNS, helping operators decide which of these are most suitable for deployment, how best to deploy them, and for which use cases.

Read more about OARC’s neutrality policy here:https://www.dns-oarc.net/files/policies/neutrality-policy.pdf

Domain Name System Operations Analysis and Research Center

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store