Secure64 Endorses the DNS-over-TLS (DoT) Approach to Privacy as Preferred Approach
Fort Collins, CO – April 30, 2019 – Secure64, the leading provider of DNS Security-as-a-Service solutions, today released a technical white-paper that sets forth its position on the Internet Engineering Task Force (IETF) standards DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT).
As background, the Domain Name Service (DNS) is a distributed, highly-redundant, highly-scalable database used for the translation of domain names, e.g., www.google.com, to IPv4 or IPv6 addresses. More specifically, when a URL such as www.google.com is typed into a browser, the domain name portion of the URL is submitted to a DNS resolver library, which in turn initiates a domain name lookup by a recursive resolver typically configured by the network provider. The resolver responds with the IP address of the requested web server, to which the browser then connects over either HTTP or HTTPS.
Today DNS lookups and responses are sent unencrypted over the network. While that may raise privacy concerns, keep in mind DNS data cannot reveal, for example, that a user was looking at Nike running shoes on Amazon. DNS data can show that a user visited a certain website and for that reason it does provide some insight into user behavior.
Given the current state of privacy discussions across the Internet community highlighted by the recent enactment of the EU’s General Data Protection Regulation (GDPR), DNS privacy has become a very timely topic. With that in mind, Secure64 today is publishing a white-paper (www.secure64.com) which provides a detailed look at the issue of DNS privacy, emerging standards, and services available today to improve end user privacy. Our white-paper covers the IETF standards for DNS over HTTPS (DoH) and DNS over TLS (DoT). We advise anyone interested in DNS privacy issues to review our paper.
At its core, DoH involves encrypting DNS traffic between the client and the resolver and sending that traffic over HTTPS to one of a short list of approved resolvers. This approach ensures privacy of the DNS data and makes it indistinguishable from other HTTPS traffic on the network.
DoT, on the other hand, encrypts DNS traffic between the browser and the resolver but communicates this encrypted DNS traffic over standard DNS ports and does not require that the user switch from their current resolver operator to one on a short list provided by the browser vendor. DoT ensures privacy of DNS traffic while still allowing existing ISPs to provide regulatory and quality of service controls.
“Secure64 recommends DoT, which our product supports today, as the preferred solution today for improving DNS privacy,” said Thad Dupper, CEO of Secure64. “And while DoH and DoT are generating a fair amount of industry chatter today, we believe the larger issue centers on who ultimately should control the DNS – the network operators or the browser vendors. Issues regarding regulatory compliance and data stewardship must first be agreed to before browser vendors deploy DoH or DoT technology in any meaningful way. With that in mind, Secure64 believes DoT to be the only viable solution that will allow the network operators to continue to comply with the complex regulatory and operational requirements mandated by governmental agencies,” added Dupper.
About Secure64 Software Corporation
Six of the top fifteen operators and eleven of the top thirty carriers rely on Secure64’s DNS. Our base today comprises over 1 billion representing over 20% of the global mobile subscribers. Performing billions of DNS lookups every day across six continents has galvanized our well-earned reputation for providing highly-secure, exceedingly stable and performant DNS solutions.
Secure64 brings trust to the internet through its suite of purpose-built, secure, DNS-based network security products. The company was built on a foundation of security and has forged solutions that are self-protecting and immune to malware. Secure64 secures the DNS infrastructures of leading service providers, government agencies and enterprises globally.
Secure64 is a privately held company which boasts deep technical and global experience in its leadership and technical staff. It is the only DNS solution provider that has authored a secure micro OS, automated the deployment of DNSSEC and built self-protecting DNS servers. For more information, visit www.secure64.com