Matryoshka DNS Server

Many solutions are offered for some of the DNS issues, but most simply trade one problem for another, and you remain under the control of your provider.

Using Matryoshka, a method of hiding both the DNS data and metadata becomes possible.

How Matryoshka works is described in “Matryoshka”.

Since there is no visibly distinct DNS message that can be observed by a listening party, such as your ISP, the fact that a DNS query is taking place is not revealed.

The first query for a given domain to a Matryoshka DNS server does require the server to make an initial query to a DNS server. From that point on, the server continues to make queries as the Time To Live parameter indicates. Once the domain is in the system and these queries have started, there is no longer a way to correlate a query to the user.
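The refresh behaviour described above, modelled as an added example; it is not ShofarNexus code, and the Matryoshka transport itself is not modelled. The class and function names, the 300-second TTL and the 192.0.2.10 address are constructed for illustration.

```python
"""After the first lookup, upstream queries follow the record's TTL,
not the clients' lookups. All names here are hypothetical."""
import heapq

class RefreshingCache:
    def __init__(self, upstream):
        self.upstream = upstream   # callable: name -> (address, ttl_seconds)
        self.cache = {}            # name -> address
        self.refresh = []          # min-heap of (due_time, name)
        self.upstream_log = []     # (time, name) as an upstream observer sees it

    def _fetch(self, name, now):
        address, ttl = self.upstream(name)
        self.upstream_log.append((now, name))
        self.cache[name] = address
        heapq.heappush(self.refresh, (now + ttl, name))

    def tick(self, now):
        """Run every refresh due at or before `now` (stands in for a timer)."""
        while self.refresh and self.refresh[0][0] <= now:
            due, name = heapq.heappop(self.refresh)
            self._fetch(name, due)  # logged at the time the timer would fire

    def lookup(self, name, now):
        """Client lookup: only a name never seen before reaches upstream."""
        self.tick(now)
        if name not in self.cache:
            self._fetch(name, now)
        return self.cache[name]

def constructed_upstream(name):
    # Constructed sample zone: documentation address (RFC 5737), 300 s TTL.
    return {"example.org": ("192.0.2.10", 300)}[name]

def upstream_view(client_times, end=1500):
    """Upstream query times produced by a pattern of client lookup times."""
    server = RefreshingCache(constructed_upstream)
    for t in client_times:
        server.lookup("example.org", t)
    server.tick(end)
    return [t for t, _ in server.upstream_log]

if __name__ == "__main__":
    print(upstream_view([0, 7, 450, 451, 1200]))  # busy client
    print(upstream_view([0]))                     # one lookup, then silence
```

Both client patterns produce the same upstream schedule, so an observer upstream of the server learns only when the name first entered the system.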

Filtering remains possible, but Alice can choose one or more filter information providers.

The filter provider’s data is directly sent to Alice’s computer and the provider does not know if and when it is used.

The DNS query is still returned, but Alice’s computer, at Alice’s command, can accept or reject an individual filtered query.

Alice can add custom filters or bypass a given filter.

Both Matryoshka DNS and filter services can be free or paid services, but the provider has no method to know who the customers are.

The site that Alice is communicating with may do things to know and trace who is communicating with it, such as when signing in is required. Everything works as normal, but the tracking and spoofing via DNS have been removed. For all observers, including the ISP or intelligence agencies, the DNS traffic or metadata is not exposed.

If Alice also uses Matryoshka nodes to communicate with the desired site, no data or metadata is exposed to any party, including the Matryoshka providers. Metadata about where Alice is communicating from has now been eliminated from the observer’s eye.

The final option, for limited circumstances, is when Alice is communicating with a Matryoshka site. In this case no data or metadata is exposed. There is no hint that any communication ever takes place.

ShofarNexus™