🤖 AI Summary
Public DNS resolvers see every name a user looks up, and relay schemes that split duties between a relay and a resolver cannot stop those two parties from pooling their logs to reassemble a user's activity.
Method: The authors argue that the three safeguards in common use are each insufficient: encrypting client-to-resolver traffic stops on-path eavesdroppers but not the resolver itself; published privacy policies are written commitments with no technical enforcement; and query relay schemes limit what each entity sees only as long as the entities do not collude. In place of trusting the infrastructure, they propose a user-driven approach that reduces how much of a user's activity any single DNS service is exposed to.
Contribution/Results: The abstract presents the key ideas of the proposal and sets its goal as a high level of privacy without a performance penalty, keeping latency, network bandwidth, memory/storage overhead, and computational overhead low. The abstract does not report experiments or measurements, so no performance or "first-to-show" claim can be drawn from it.
📝 Abstract
The Domain Name System (DNS) is central to all Internet user activity, resolving accessed domain names into Internet Protocol (IP) addresses. As a result, curious DNS resolvers can learn everything about Internet users' interests. Public DNS resolvers are rising in popularity, offering low-latency resolution, high reliability, privacy-preserving policies, and support for encrypted DNS queries. However, client-resolver traffic encryption, increasingly deployed to protect users from eavesdroppers, does not protect users against curious resolvers. Similarly, privacy-preserving policies are based solely on written commitments and do not provide technical safeguards. Although DNS query relay schemes can separate duties to limit data accessible by each entity, they cannot prevent colluding entities from sharing user traffic logs. Thus, a key challenge remains: organizations operating public DNS resolvers, accounting for the majority of DNS resolutions, can potentially collect and analyze massive volumes of Internet user activity data. With DNS infrastructure that cannot be fully trusted, can we safeguard user privacy? We answer positively and advocate for a user-driven approach to reduce exposure to DNS services. We will discuss key ideas of the proposal, which aims to achieve a high level of privacy without sacrificing performance: maintaining low latency, network bandwidth, memory/storage overhead, and computational overhead.
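The abstract contrasts three trust configurations: encrypted queries to a single resolver, a duty-separating relay in front of the resolver, and a user-driven spreading of exposure. The toy model below, added here as an illustration and not code from the paper, records what each party can log for one constructed browsing session and computes how much of that session each party (or colluding coalition) can attribute to the client. The round-robin split over several resolvers is an assumed stand-in for the user-driven approach, chosen for illustration; the abstract does not specify the mechanism, and the IP addresses, domain names, and query identifiers are constructed.

```python
"""Toy model of who learns what in three DNS deployment patterns.

Constructed illustration of the threat model in the abstract. A party's "view" is the
list of (source_ip, query_id, name) records it could log; name is None when the party
only saw ciphertext. The split scheme is an assumption for this example, not the paper's protocol.
"""
from collections import defaultdict

# Constructed sample session for one client (addresses from RFC 5737 documentation ranges)
CLIENT_IP = "203.0.113.7"
RELAY_IP = "198.51.100.2"
SESSION = ["news.example", "bank.example", "health.example", "shop.example", "mail.example"]


def exposure(view, session=SESSION):
    """Fraction of the session's distinct names the party can attribute to CLIENT_IP."""
    attributed = {name for src, _, name in view if src == CLIENT_IP and name is not None}
    return len(attributed) / len(set(session))


def direct_encrypted(session=SESSION):
    """DoH/DoT to a single resolver: the on-path eavesdropper sees only the client IP and
    ciphertext, but the resolver sees every plaintext name next to the client IP."""
    eavesdropper = [(CLIENT_IP, qid, None) for qid, _ in enumerate(session)]
    resolver = [(CLIENT_IP, qid, name) for qid, name in enumerate(session)]
    return {"eavesdropper": eavesdropper, "resolver": resolver}


def relayed(session=SESSION):
    """Relay scheme with separated duties (ODoH-style): the relay sees the client IP but only
    an encrypted query; the resolver sees the plaintext name but only the relay's IP."""
    relay = [(CLIENT_IP, qid, None) for qid, _ in enumerate(session)]
    resolver = [(RELAY_IP, qid, name) for qid, name in enumerate(session)]
    return {"relay": relay, "resolver": resolver}


def collude(relay_view, resolver_view):
    """Relay and resolver share logs and join them on the per-query identifier
    (timing or a ciphertext handle in practice), rebuilding (client IP, name) pairs."""
    client_by_qid = {qid: src for src, qid, _ in relay_view}
    return [(client_by_qid[qid], qid, name) for _, qid, name in resolver_view]


def user_driven_split(resolvers, session=SESSION):
    """Illustrative user-driven exposure reduction (assumed for this example, not the paper's
    mechanism): the client spreads queries round-robin over independent resolvers, so each
    resolver's log holds only a fraction of the session."""
    views = defaultdict(list)
    for qid, name in enumerate(session):
        views[resolvers[qid % len(resolvers)]].append((CLIENT_IP, qid, name))
    return dict(views)


def coalition(*views):
    """Union of the logs of any set of colluding parties."""
    return [rec for view in views for rec in view]


if __name__ == "__main__":
    d = direct_encrypted()
    print("direct DoH, resolver exposure:", exposure(d["resolver"]))                  # 1.0
    r = relayed()
    print("relay alone:", exposure(r["relay"]), "resolver alone:", exposure(r["resolver"]))  # 0.0 0.0
    print("relay + resolver colluding:", exposure(collude(r["relay"], r["resolver"])))       # 1.0
    s = user_driven_split(["r1", "r2", "r3"])
    print("split, worst single resolver:", max(exposure(v) for v in s.values()))      # 0.4
    print("split, all three colluding:", exposure(coalition(*s.values())))            # 1.0
```

The numbers make the abstract's argument concrete: encryption alone leaves the resolver with the whole session; a relay drives every single party's view to zero but one join on the query identifier restores it; spreading queries bounds what any one resolver learns yet still degrades to full exposure if every resolver colludes, which is why the abstract speaks of reducing exposure rather than eliminating it.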