Abstract: The Domain Name System（DNS） is an indispensable infrastructure for the stable operation of the Internet. It translates the easy-to-remember domain names to IP addresses of Internet resources. However, DNS is plagued by security issues due to its openness. Privacy is a hot issue in recent years. By reviewing the DNS query operation, this paper analyzes the potential privacy risks in every link of the DNS query, and finds that the privacy attacks on the DNS are mainly the eavesdropping on the links and the privacy collection on the servers. Combined with the related researches on DNS privacy in recent years, this paper analyzes the privacy data that may be leaked on DNS, the impact scope and the possible harm. The various solutions that are known are sorted out, the performance of reliability, anonymity and deployability of these solutions are analyzed. At last some suggestions for follow-up studies from the technical level, deployment difficulty level and legal level are provided.

Key words: Domain Name System（DNS）, privacy, security, anonymization

摘要： 域名系统（DNS）作为互联网运行必不可少的基础设施，它能将易记的域名转换成互联网资源的IP地址。DNS由于天然的开放性，导致其备受安全问题困扰。而隐私问题则是近些年DNS安全上的热点问题。通过回顾DNS的查询操作，分析了DNS查询每个环节可能存在的隐私隐患，发现DNS受到的隐私攻击主要有链路上窃听和服务器上的隐私收集。结合近些年DNS隐私的相关的研究，分析了DNS上可能泄漏的隐私数据、影响范围以及可能带来的危害。整理了目前已知的解决方案，分析对比了各种方案在可靠性、匿名化程度、可部署性上的表现。最后从技术、部署难度和法律层面为后续研究提供了一些建议。

关键词: 域名系统, 隐私, 安全, 匿名化