{"id":2741,"date":"2016-01-12T15:38:28","date_gmt":"2016-01-12T15:38:28","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=2741"},"modified":"2020-05-06T10:30:05","modified_gmt":"2020-05-06T17:30:05","slug":"dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\/","title":{"rendered":"DNS Privacy in the Face of Pervasive Monitoring (Part 1 of 2)"},"content":{"rendered":"<p>Pervasive Monitoring (PM) of data networking traffic is performed not only by governments, but also by corporations wanting to inspect the behavior of employees or customers.\u00a0 The goal of network traffic monitoring can be benevolent.\u00a0 Organizations may want to detect malicious behavior to combat malware, identify insider threats, and prevent criminal behavior.\u00a0 Unfortunately, the goal of monitoring can also be malevolent.\u00a0 Examples of this can include invading a user\u2019s privacy or gathering data to be used in a subsequent attack.\u00a0 In fact, the IETF feels that \u201cPervasive Monitoring Is an Attack\u201d (<a href=\"https:\/\/tools.ietf.org\/html\/rfc7258\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">RFC 7258<\/a>).<\/p>\n<p>In recent years, there has been increased awareness about pervasive monitoring of electronic communications by governments.\u00a0 Even if those governments claim that they are only collecting\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Metadata\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">metadata<\/a>\u00a0about the communications and not actually listening in on individual phone calls, the metadata can reveal a lot about a person and their behavior.\u00a0 Governments claim that\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Global_surveillance\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">global surveillance<\/a>\u00a0helps them uncover 
terrorist activities, but there is a downside to personal privacy resulting from such behavior.\u00a0 Pervasive Monitoring of\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Domain_Name_System\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Domain Name System<\/a>\u00a0(DNS) messages can provide valuable data that can be used for good or evil, depending on your perspective.\u00a0 Even though information returned within the DNS messages is usually considered public, not everyone feels that their queries, what they are looking up, are also public information.<\/p>\n<h2 id=\"toc-hId-649845820\">DNS Packet Inspection<\/h2>\n<p>When it comes to DNS packet inspection, both queries and responses contain data in clear-text.\u00a0 DNS traffic between the client and the recursive name server is not encrypted, nor is any encryption used when recursive name servers perform recursive lookups.\u00a0 The Domain Name System Security Extensions (<a href=\"http:\/\/www.internetsociety.org\/deploy360\/dnssec\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DNSSEC<\/a>), contrary to what its name might imply, does not encrypt the payload of the DNS query or response, but rather, provides a method of validating the authenticity of the information.\u00a0 DNSSEC provides for origin authentication and data integrity, but does not provide any confidentiality or DNS service reliability\/availability.<\/p>\n<p>By inspecting DNS traffic, you can observe the Query Name (QNAME) and the Query Type (QTYPE) and might even be able to see the data within the DNS response.\u00a0 You observe different information depending on where in the network topology you capture the DNS messages.\u00a0 If the DNS messages (frequently UDP port 53, but sometimes over TCP port 53) are observed on the Internet, one can also glean the IP address of the system making the DNS query.\u00a0 If you are observing the DNS messages in close proximity to the end-user\u2019s device, you can inspect the 
individual client\u2019s queries and the source IP address of the end-user\u2019s device and query packet payload.\u00a0 For an enterprise using its own local recursive DNS server, the recursive DNS server\u2019s IP address could be discerned from the Internet perspective.\u00a0 Network Address Translation (NAT) is extensively used by enterprises with IPv4, so the source address of the DNS recursive name server could be modified on its way to the Internet DNS servers.\u00a0 However, with IPv6, there is no need for NAT (see\u00a0<a href=\"https:\/\/tools.ietf.org\/html\/rfc4864\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">RFC 4864<\/a>) so the client\u2019s global unicast address would likely be unmodified on its path to the recursive name server.<\/p>\n<h2 id=\"toc-hId-678474971\">View from the DNS Recursive Name Server<\/h2>\n<p>By their very nature, recursive name servers proxy the DNS query and do not reveal the originating client IP address of the device making the initial request.\u00a0 Large publicly-reachable recursive DNS servers (such as those from\u00a0<a href=\"https:\/\/publicdnsforum.verisign.com\/discussion\/13\/verisign-public-dns-set-up-configuration-instructions\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Verisign<\/a>\u00a0and\u00a0<a href=\"https:\/\/developers.google.com\/speed\/public-dns\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google<\/a>) provide DNS resolution services for numerous clients.\u00a0 Therefore, if you are observing DNS queries emanating from these recursive DNS servers, it would be difficult to ascertain what any one individual DNS client may be wanting to ultimately connect to.\u00a0 Also, these are caching DNS servers, so you would only be able to observe new queries or queries for names that have expired their\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Domain_Name_System#Record_caching\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Time to 
Live<\/a>\u00a0(TTL).\u00a0 The organization operating a public recursive DNS server would be able to observe the original query being made by the client\u2019s device.\u00a0 Although there are many DNS queries made as a user might \u201csurf the net\u201d, it is possible to cull through the DNS packets to ascertain the user\u2019s activity.\u00a0 We can only hope that the organizations operating public DNS services have the best of intentions and desires to preserve the individual\u2019s privacy.<\/p>\n<p>In the case of\u00a0<a href=\"http:\/\/www.circleid.com\/posts\/20150929_verisign_public_dns_free_dns_service_respects_privacy\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Verisign<\/a>\u00a0and\u00a0<a href=\"https:\/\/developers.google.com\/speed\/public-dns\/privacy?hl=en\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google<\/a>, they publicly announced that they intend to help maintain privacy.\u00a0 However, it creates speculation over why a company would offer a free DNS resolution service, unless they were getting something in return; like information about us.\u00a0 For many residential broadband Internet users, their recursive DNS server is most often run by their ISP.\u00a0 If an enterprise organization runs their own DNS servers, then they would be in control of how they treat the confidentiality of the information within the DNS queries.<\/p>\n<h2 id=\"toc-hId-707104122\">View from the Authoritative Name Server<\/h2>\n<p>For those organizations who operate their own authoritative name servers, they may be observing the queries they receive for their DNS information.\u00a0 The authoritative server would be able to see the source IP address of the recursive DNS server that sent the query.\u00a0 The authoritative server would also be able to learn the client\u2019s source IP address if that client runs a personal\/local DNS server on its system.\u00a0 The information gathered by the authoritative name server can also be 
valuable.<\/p>\n<h2 id=\"toc-hId-735733273\">DNS Tells All<\/h2>\n<p>Most organizations and individuals do not realize how much information can be gleaned from DNS traffic inspection.\u00a0 We should recognize that we are giving away a lot of information to the system we are using for our DNS service.\u00a0 From this DNS information, the recursive DNS server knows just about everything about your Internet behavior.\u00a0 DNS traffic reveals everything from where you shop online to what web pages you looked at, what you clicked on, and what you purchased.\u00a0 It can reveal who you associate with, what topics are interesting to you, and what information you accessed.\u00a0 If your\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Email_client\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Mail User Agent<\/a>\u00a0(MUA) server uses the same DNS server, then it also knows to whom and when you sent e-mails.<\/p>\n<h2 id=\"toc-hId-764362424\">Geolocation and CDNs with DNS<\/h2>\n<p>Alternatively, there are certain benefits to disclosing your location by revealing your source IP address and what you are seeking to connect to.\u00a0 For example,\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Content_delivery_network\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Content Delivery Networks<\/a>\u00a0(CDNs) use geolocation to help direct you to content that is geographically closer to you, thus improving your application experience. 
\u00a0\u00a0Many content providers use the IP address of the DNS server making the query for their web site\u2019s\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Fully_qualified_domain_name\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">FQDN<\/a>\u00a0for the purposes of Global Server\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Load_balancing_(computing)\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Load Balancing<\/a>\u00a0(GSLB).\u00a0 The assumption is made that the client is located in close proximity to their DNS server and therefore, the client can be directed to connect to a closer web server yielding reduced latency and improved end-user experience.\u00a0 This system breaks down when the client is using a DNS server that is far away from their actual location within the network topology.<\/p>\n<h2 id=\"toc-hId-792991575\">DNS is Critical Internet Infrastructure<\/h2>\n<p>Awareness of how\u00a0<a href=\"http:\/\/www.gao.gov\/products\/GAO-06-672\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Internet infrastructure<\/a>\u00a0is in fact\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Critical_Internet_infrastructure\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">critical infrastructure<\/a>\u00a0has increased the visibility of DNS security,\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Border_Gateway_Protocol\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">BGP<\/a>\u00a0security, and\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Certificate_authority\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Certificate Authority<\/a>\u00a0(CA) security.\u00a0 Recent\u00a0<a href=\"\/ipv6-coe\/finding-and-fixing-open-dns-resolvers\" target=\"_blank\" rel=\"noopener noreferrer\">DoS attacks using open DNS servers<\/a>\u00a0and weak NTP systems have made securing these protocols a priority.\u00a0 The intersection of these protocols culminates in security efforts outlined in solutions like\u00a0<a 
href=\"https:\/\/www.arin.net\/resources\/rpki\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Resource Public Key Infrastructure<\/a>\u00a0(RPKI),\u00a0<a href=\"\/ipv6-coe\/dns-based-authentication-of-named-entities-dane\/\" target=\"_blank\" rel=\"noopener noreferrer\">DNS-based Authentication of Named Entities<\/a>\u00a0(DANE), and\u00a0<a href=\"\/ipv6-coe\/improving-e-mail-security-with-domainkeys-identified-mail-dkim\/\" target=\"_blank\" rel=\"noopener noreferrer\">Domain Keys Identified Mail<\/a>\u00a0(DKIM), among others.<\/p>\n<p>Organizations are starting to wake up to the dangers of DNS monitoring and there are groups that are working on solutions to improve privacy.\u00a0 This past summer at the\u00a0<a href=\"https:\/\/www.nanog.org\/meetings\/road7\/agenda\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">NANOG On the Road #7<\/a>\u00a0event, Duane Wessels of Verisign gave a great presentation on the \u201c<a class=\" bf_ungated_init\" href=\"https:\/\/www.nanog.org\/sites\/default\/files\/02-Wessels.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Recent and Future Developments in DNS Security<\/a>\u201d.\u00a0 A few months ago, there was a CircleID article by Verisign titled \u201c<a href=\"http:\/\/www.circleid.com\/posts\/20151029_protect_your_privacy_opt_out_of_public_dns_data_collection\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Protect Your Privacy &#8211; Opt Out of Public DNS Data Collection<\/a>\u201d that also describes these issues regarding DNS and privacy.<\/p>\n<p>In the next blog of this 2-part series, we will cover the work being done within the IETF to alleviate these DNS privacy concerns.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pervasive Monitoring (PM) of data networking traffic is not only performed by governments, but corporations wanting to inspect the behavior of employees or customers.\u00a0 The goal of network traffic monitoring can be benevolent.\u00a0 
Organizations may want to detect malicious behavior to combat malware, identify insider threats, and prevent against criminal behavior.\u00a0 Unfortunately, the goal of [&hellip;]<\/p>\n","protected":false},"author":321,"featured_media":2577,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[17],"tags":[108,30,15,48],"class_list":{"0":"post-2741","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ipv6-coe","8":"tag-bind","9":"tag-dns","10":"tag-security","11":"tag-threat","12":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>DNS Privacy in the Face of Pervasive Monitoring (Part 1 of 2)<\/title>\n<meta name=\"description\" content=\"Pervasive Monitoring (PM) of data networking traffic is not only performed by governments, but corporations wanting to inspect the behavior of employees or customers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DNS Privacy in the Face of Pervasive Monitoring (Part 1 of 2)\" \/>\n<meta property=\"og:description\" content=\"Pervasive Monitoring (PM) of data networking traffic is not only performed by governments, but corporations 
wanting to inspect the behavior of employees or customers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-01-12T15:38:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:30:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/for-company-blogs_edited-1-2-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Scott Hogg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Scott Hogg\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/\"},\"author\":{\"name\":\"Scott Hogg\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ee71ac61fe2ea349f6e991e628d22f4c\"},\"headline\":\"DNS Privacy in the Face of Pervasive Monitoring (Part 1 of 2)\",\"datePublished\":\"2016-01-12T15:38:28+00:00\",\"dateModified\":\"2020-05-06T17:30:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/\"},\"wordCount\":1341,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/for-company-blogs_edited-1-2-1.jpg\",\"keywords\":[\"BIND\",\"DNS\",\"Security\",\"Threat\"],\"articleSection\":[\"IPv6 CoE\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/\",\"name\":\"DNS Privacy in the Face of Pervasive Monitoring (Part 1 of 
2)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/for-company-blogs_edited-1-2-1.jpg\",\"datePublished\":\"2016-01-12T15:38:28+00:00\",\"dateModified\":\"2020-05-06T17:30:05+00:00\",\"description\":\"Pervasive Monitoring (PM) of data networking traffic is not only performed by governments, but corporations wanting to inspect the behavior of employees or customers.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/for-company-blogs_edited-1-2-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/for-company-blogs_edited-1-2-1.jpg\",\"width\":660,\"height\":454,\"caption\":\"DNS is NOT a Transport 
Protocol!\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/dns-privacy-in-the-face-of-pervasive-monitoring-part-1-of-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IPv6 CoE\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/ipv6-coe\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"DNS Privacy in the Face of Pervasive Monitoring (Part 1 of 2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ee71ac61fe2ea349f6e991e628d22f4c\",\"na
me\":\"Scott Hogg\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"caption\":\"Scott Hogg\"},\"description\":\"Scott Hogg has 30 years of network and security experience and is president of Hogg Networking with. Scott Hogg specializes in teaching Internet Protocol version 6 (IPv6) and providing implementation guidance. Scott is CCIE #5133 (Emeritus) and CISSP #4610. Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (RMv6TF), a member of the IPv6 Center of Excellence (COE), and co-author of the Cisco Press book on IPv6 Security.\",\"sameAs\":[\"https:\\\/\\\/hexabuild.io\"],\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/scott-hogg\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/321"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=2741"}],"version-history":[{"count":3,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2741\/revisions"}],"predecessor-version":[{"id":3706,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2741\/revisions\/3706"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/2577"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=2741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=2741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=2741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}