"Reverse DNS Queries May Reveal Too Much, Computer Scientists Argue"

Computer scientists at the University of Twente in the Netherlands found that the interaction between the Internet and local networks can be examined to reveal private data and support tracking. In a study titled "Saving Brian's Privacy: the Perils of Privacy Exposure through Reverse DNS," they examined how the Domain Name System (DNS) interacts with the Dynamic Host Configuration Protocol (DHCP) and found that some of the data exchanged can be exposed by Reverse DNS (rDNS) queries.

DHCP is a network management protocol that enables IP addresses to be assigned dynamically to network devices. It uses a client-server model in which the device joining the network (the client) requests an address from the DHCP server. So that the assigned IP address can be reallocated, the client keeps the address for a set period of time (a lease period) or until it sends a release message and leaves the network. However, clients may leave a network without sending a release message, which leaves a time gap between client departure and automated record removal that allows for additional rDNS network interrogation.

According to the researchers, their work demonstrates that automated and continuous changes to rDNS records via DHCP may reveal client identifiers that endanger privacy. Their findings indicate a strong link, as in 9 out of 10 cases records linger for no more than an hour on various academic, enterprise, and Internet Service Provider (ISP) networks. They also demonstrated how to learn client patterns and network dynamics by tracking devices owned by people named Brian over time, detecting shifts in work patterns caused by COVID-19-related work-from-home measures, and determining the best time to stage a heist. The ability to track individuals through their devices from the Internet provides the opportunity to rob an associated location when it is unoccupied.

The researchers acknowledged that the privacy risk of DHCP has been recognized since at least 2016 in RFC 7844, which describes how DHCP clients can remain anonymous on a network. However, their findings show not only that identifiers are carried over in the wild, but also that the content of those identifiers is privacy-sensitive in and of itself. Knowing the make and model of a client device, for example, may benefit sophisticated attackers who can use this information to pre-select exploits. Owner names can be used to associate IP addresses with users, which could be used for various malicious purposes. This article continues to discuss the study on privacy exposure through rDNS.
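A defender-side check for the exposure described above, as an added example that is not from the study or the article: it scans an exported IPv4 reverse zone for PTR names that look client-supplied (device type, possessive owner name) rather than derived from the address. The zone contents, the device-token list, and all function names are constructed for illustration.

```python
import re

# Constructed sample export of a reverse zone (documentation addresses, made-up names).
SAMPLE_ZONE = """\
12.2.0.192.in-addr.arpa. 300 IN PTR brians-iphone.dyn.example.edu.
13.2.0.192.in-addr.arpa. 300 IN PTR dhcp-192-0-2-13.dyn.example.edu.
14.2.0.192.in-addr.arpa. 300 IN PTR galaxy-s21.dyn.example.edu.
16.2.0.192.in-addr.arpa. 300 IN PTR annas-macbook-pro.dyn.example.edu.
20.2.0.192.in-addr.arpa. 3600 IN PTR www.example.edu.
"""

# Assumed token list; extend it with the device names seen on your own network.
DEVICE_TOKENS = {"iphone", "ipad", "macbook", "galaxy", "pixel", "thinkpad", "laptop"}

def ptr_owner_to_ip(owner):
    """'12.2.0.192.in-addr.arpa.' -> '192.0.2.12' (IPv4 only); None otherwise."""
    labels = owner.rstrip(".").lower().split(".")
    ok = len(labels) == 6 and labels[4:] == ["in-addr", "arpa"]
    return ".".join(reversed(labels[:4])) if ok else None

def classify(ip, target):
    """Return the reasons a PTR target looks client-supplied (empty list if none)."""
    label = target.split(".")[0].lower()
    # A name derived from the address itself says nothing about the client.
    if re.search(r"(?<!\d)" + "[-_]".join(ip.split(".")) + r"(?!\d)", label):
        return []
    tokens = re.split(r"[-_]", label)
    reasons = ["device-type"] if any(t in DEVICE_TOKENS for t in tokens) else []
    # Possessive form such as 'brians-iphone': a word ending in 's' before a device token.
    if any(a.endswith("s") and len(a) > 2 and b in DEVICE_TOKENS
           for a, b in zip(tokens, tokens[1:])):
        reasons.append("possible-owner-name")
    return reasons

def audit(zone_text):
    """Return (ip, hostname, reasons) for PTR records that expose client identifiers."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "PTR" not in fields[1:-1]:
            continue
        ip = ptr_owner_to_ip(fields[0])
        target = fields[fields.index("PTR") + 1].rstrip(".")
        reasons = classify(ip, target) if ip else []
        if reasons:
            findings.append((ip, target, reasons))
    return findings
```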

The Register reports "Reverse DNS Queries May Reveal Too Much, Computer Scientists Argue"
