Do DNS queries reveal full URLs?

João

6/16/23, 6:28 PM

I use my ISP's DNS, which means that if I access "example.com" they will know, but will they know the exact page? (eg. "example.com/something.html"). As far as I know, if I access "google.com" or "google.com/search?q=my+isp+can't+see+this" my device is only asking for the ip of "google.com" in both cases, thus ISP or 1.1.1.1 or whatever... will not be able to know exactly what i'm accessing, instead they will only know the website but not the content itself (what comes after the slash) right? if that's the case, then I don't think it's that creepy as some people advertise.

0 + 0

domain-name-system

privacy

isp

Score:0

Server

Synchro

6/16/23, 7:00 PM

No, DNS lookups cannot leak URLs, because they are never sent to DNS servers. But it is exactly as creepy as is made out.

In some places merely visiting a "forbidden" site can reveal information that can earn a death sentence, ostracism, or other extreme punishment. You're apparently in a sufficiently privileged position not to be bothered by that; not everyone is as lucky as you.

The pattern of domains that someone accesses can form a unique identifier, and the construction of profiles by whoever runs the DNS server is not only possible but likely.

This is exactly why mechanisms like DNSCrypt, DoH, and DoT have come into being, to avoid this exposure. Similarly, when you use a TOR browser, your DNS lookups are also anonymised. A similar issue has led to the avoidance of OCSP for certificates, in favour of OCSP stapling.