junkurihara.github.io

Jun Kurihara (栗原 淳)



Mutualized Oblivious DNS

About

This website introduces a new concept of anonymized DNS called Mutualized Oblivious DNS (μODNS). Our implementation, our public servers, and their detailed information are given below.


Publication

Initial concept paper

Jun Kurihara and Takeshi Kubo, “Mutualized oblivious DNS (μODNS): Hiding a tree in the wild forest,” Jun. 2021. https://arxiv.org/abs/2104.13785v3

Presentation slides

Jun Kurihara and Takeshi Kubo, “Mutualized Oblivious DNS (μODNS): Hiding a tree in the wild forest”, IEICE NS, Jul. 2021. (in Japanese) https://www.slideshare.net/JunKurihara2/mutualized-oblivious-dns-odns-hiding-a-tree-in-the-wild-forest-249693576


Implementation as an extension of Oblivious DNS over HTTPS (Being actively developed on GitHub)

We sometimes refer to this ODoH-based protocol and implementation as μODoH or MODoH.

Do53 - μODoH translation proxy written in Rust

μODoH relays and target servers with authentication and access control (fork of doh-server)

To protect DNS servers and relays from DoS attacks, authentication is introduced at the first-hop relay. So, in addition to the above relay/target, an authentication server is needed, as below.

Public relays and servers

Currently we are testing its feasibility.


PoC implementation based on the DNSCrypt protocol

Do53 - μODNS translation proxy (fork of dnscrypt-proxy)

μODNS servers based on encrypted-dns-server

Public resolvers and relays


Public DoH Server as an Entry of μODNS

If you just want to check that it works, you can try our DoH-μODNS translator from the Chrome and Firefox browsers without using our dedicated client.

This translator converts DoH queries to PoC μODNS queries. It acts as the ‘first-hop’ relay of μODNS and randomly chooses the subsequent relays (up to 2) from the listed relays, for user anonymity in DNS queries. The DoH address is:

https://dns.secarchlab.net/dns-query

The target full-service resolvers are those listed in this repo and the no-filter Quad9 servers.

NOTE: Although our experimental resolvers and relays keep no logs and apply no filters, the DoH-μODNS translator filters some content using public ad lists and logs its blocking history.

Please use this translator only for testing, at your own risk, and do not use it for your private activity. In keeping with the concept of μODNS, you should build your own dedicated relay. Also note that the translator is not guaranteed to work 24/365.
