Almost every connection you make online starts with a DNS lookup — turning a name like example.com into an IP address. And almost every one of those lookups is visible to whoever runs your resolver, which means your DNS provider, and anyone who can observe it, sees a near-complete log of the sites you visit. Encrypted-transport DNS (DoH, DoT) hides the query from the network, but the resolver itself still sees everything.

US12328381B2, “Privacy-preserving domain name services (DNS),” granted to Bitdefender IPR Management Ltd. on June 10, 2025, goes after that residual leak. Classified under H04L 9/008 (homomorphic encryption) with DNS codes (H04L 61/4511), it claims a way of answering a DNS query without the resolver learning which domain was requested.

Using homomorphic encryption for DNS is a genuinely apt fit. The lookup is, at bottom, a query against a mapping; homomorphic techniques (and the related private-information-retrieval family) let a server return the right answer to an encrypted query without seeing the query in the clear. The resolver does the work and hands back the record, none the wiser about what was asked.
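The mechanism described above, as an added illustration that is neither the patent's claimed method nor Bitdefender code: a textbook single-server private-information-retrieval lookup built on toy Paillier (additively homomorphic) encryption. The key size, the zone data and the assumption that clients know the public slot order of names are all constructed for the demo.

```python
import ipaddress, math, secrets

# Toy Paillier keypair held by the client. Constructed demo primes
# (2^31-1 and 2^61-1): far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = math.lcm(P - 1, Q - 1)   # private key part
MU = pow(LAM, -1, N)           # private key part

def encrypt(m):
    """Enc(m) = (1 + m*N) * r^N mod N^2, i.e. Paillier with generator N + 1."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """m = L(c^LAM mod N^2) * MU mod N, where L(x) = (x - 1) // N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

# Constructed zone data (documentation address ranges). Slot order is public.
ZONE = [("mail.example.com", "192.0.2.10"),
        ("www.example.com", "198.51.100.7"),
        ("vpn.example.net", "203.0.113.42"),
        ("api.example.org", "192.0.2.99")]
NAMES = [name for name, _ in ZONE]

def client_query(name):
    """One ciphertext per slot: Enc(1) at the wanted slot, Enc(0) elsewhere."""
    want = NAMES.index(name)
    return [encrypt(1 if i == want else 0) for i in range(len(NAMES))]

def resolver_answer(query):
    """Homomorphic dot product: prod(c_i ^ addr_i) = Enc(sum(bit_i * addr_i)).
    The resolver has no private key and sees only randomized ciphertexts."""
    acc = 1
    for c, (_, addr) in zip(query, ZONE):
        acc = acc * pow(c, int(ipaddress.IPv4Address(addr)), N2) % N2
    return acc

def client_resolve(name):
    """Full round trip: build query, let the resolver answer, decrypt locally."""
    return str(ipaddress.IPv4Address(decrypt(resolver_answer(client_query(name)))))

if __name__ == "__main__":
    print(client_resolve("vpn.example.net"))  # 203.0.113.42
```

The query carries one ciphertext per zone slot and the resolver has to touch every record to answer it, which is the scaling cost behind the performance questions raised further down.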

What makes this notable beyond the cleverness is the attack surface it closes. DNS is the most under-appreciated privacy leak on the internet precisely because it is invisible to users and unavoidable — you cannot opt out of name resolution. A resolver that is cryptographically incapable of logging your queries changes the trust model: you no longer have to trust the resolver operator's privacy promises, because the math, not the policy, enforces them.

Per the desk's rules: issued grant (B2), not an application; a method claim, not a deployed service. Bitdefender is a mainstream security vendor, so privacy-preserving DNS maps to a plausible product direction — but the patent is the technique, and homomorphic DNS at internet scale faces real performance questions.

For the reader tracking applied cryptography, this is a good example of homomorphic encryption leaving the abstract and landing on a concrete, universal problem. The technology spent years as a solution looking for the right problem; private DNS — ubiquitous, metadata-rich, currently trust-based — is exactly the kind of problem it was waiting for.