Never Query Alone: A distributed strategy to protect Internet users from DNS fingerprinting attacks
Computer Networks (IF 5.6), Pub Date: 2021-09-07, DOI: 10.1016/j.comnet.2021.108445
Oscar Arana, Hector Benítez-Pérez, Javier Gomez, Miguel Lopez-Guerrero

The Domain Name System (DNS) plays an essential role in everyday Internet activities. However, unauthorized access to DNS-generated traffic also raises serious privacy concerns. For instance, DNS traffic traces can be processed by third parties to identify an Internet user through behavioral analysis, i.e., a technique that uses machine learning classifiers to link multiple pieces of traffic belonging to the same person. In general, the more sessions an attacker can link, the more he or she learns about the interests of an individual, and the more likely it is that this user's identity will be revealed. The development of such user-identification methods has been the focus of several studies, and there are currently several strategies for obtaining behavioral fingerprints from DNS traces. However, only a few works have proposed countermeasures to protect users against this privacy threat on the Internet. Furthermore, new technologies such as DNS-over-TLS, DNS-over-HTTPS, or DNS over QUIC can potentially render existing countermeasures ineffective. This paper proposes Never Query Alone (NQA), a strategy that allows a set of nodes to modify their DNS query patterns in order to mitigate the risk of being tracked by DNS resolvers. In NQA, users forward their DNS queries through their neighbors in such a way that the identification accuracy achieved by attackers decreases proportionally as the number of participant nodes increases. A second strategy, called NQA-SA, is also proposed; it decreases the attackers' accuracy to nearly 1%, independently of the number of participant nodes. Both countermeasures reduce the accuracy of the classifiers at the cost of increasing the delay of the DNS query resolution process. A trade-off between privacy and delay therefore arises, which this work studies theoretically by means of queueing analysis. Experimental results on real networks demonstrate that the proposed countermeasures can significantly degrade the accuracy of commonly used machine learning classifiers, thus increasing the privacy protection of individuals on the Internet.
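A toy model of the linking attack and of the NQA forwarding idea, added here as an illustration and not the paper's own code. It assumes a simplified forwarding rule (each query is handed to a uniformly chosen participant, which sends it to the resolver from its own address) and a simple profile-overlap classifier in place of the paper's NQA protocol and ML classifiers; the per-node domain profiles are constructed inline, and the delay side of the trade-off is not modelled.

```python
import random
from collections import Counter


def make_profiles(num_nodes, domains_per_node):
    # Constructed data: each node habitually visits its own distinct set of domains.
    return {n: [f"site{n}-{i}.example" for i in range(domains_per_node)]
            for n in range(num_nodes)}


def observed_sessions(profiles, queries_per_node, use_nqa, rng):
    """Traffic as seen at the resolver: {source address (node id): [domains]}."""
    nodes = list(profiles)
    sessions = {n: [] for n in nodes}
    for origin in nodes:
        for _ in range(queries_per_node):
            domain = rng.choice(profiles[origin])
            # Assumed NQA-style rule: hand the query to a uniformly chosen
            # participant (possibly itself), which sends it from its own address.
            sender = rng.choice(nodes) if use_nqa else origin
            sessions[sender].append(domain)
    return sessions


def classify(session, training):
    """Attacker's linking step: choose the node whose training profile the
    observed session overlaps most (a stand-in for the paper's ML classifiers)."""
    hist = Counter(session)
    return max(training, key=lambda n: sum(hist[d] for d in set(training[n])))


def linking_accuracy(num_nodes, use_nqa, seed=7, queries_per_node=200):
    """Fraction of observed sessions the attacker links to the correct user."""
    rng = random.Random(seed)
    profiles = make_profiles(num_nodes, domains_per_node=5)
    # The attacker trains on a trace captured while every node still queried alone.
    training = observed_sessions(profiles, queries_per_node, False, rng)
    test = observed_sessions(profiles, queries_per_node, use_nqa, rng)
    correct = sum(classify(test[addr], training) == addr for addr in test)
    return correct / num_nodes


if __name__ == "__main__":
    # Without forwarding every session is linked; with it, accuracy falls toward 1/N.
    for n in (5, 20, 40):
        print(n, "nodes: alone", linking_accuracy(n, False),
              "NQA", round(linking_accuracy(n, True), 3))
```

Under the uniform forwarding assumption each observed address carries a roughly even mix of every participant's queries, so the overlap classifier can do little better than guessing among the N nodes.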




Updated: 2021-09-17