If this is true then how did we get here?
First, a quick primer on the domain name system (DNS). When a user or application uses the DNS to visit a website or web service, it first asks where that site is located using a recursive DNS resolver. For most Canadian Internet users this resolver sits on the internet service provider’s network, and it is not something a user thinks about. If the recursive resolver doesn’t know the information, or if it “decides” that the information it has is too old, it starts the process of looking up the data. This starts by querying “the root,” then traverses the DNS hierarchy down to the top-level domain manager, and finally the domain holder (here is a video for those visual learners).
In this process the recursive resolver asks what are called authoritative DNS resolvers what they know for each element of the domain name. A good metaphor is that the recursive resolver holds the Internet’s map, and for anything it doesn’t have, it knows how to look it up. Fundamentally, the DNS is made up of two things: recursive and authoritative resolvers.
This system is based on Internet Engineering Task Force (IETF) RFC 1034 and RFC 1035, which were originally proposed in 1987 and are standards.
(As a side note, an RFC, or “Request for Comments,” is a technical document submitted to the Internet Engineering Task Force (IETF). The entire global technical community can then contribute to it. Some RFCs go on to become “internet standards.” If you want to know how that sausage is made, go here.)
What is important is that DNS queries are sent in clear text over the wire. And this is at the root (no pun intended) of what many think is the problem. The design is based on the concept of a free and open Internet, and that concept is under threat because bad actors (i.e. hackers) can take advantage of it, while the data can also be used by commercial entities and governments in ways the end user may not want.
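To make the clear-text point concrete, here is an added example (not from the original post) that builds a DNS query in the RFC 1035 wire format and then reads the queried name back out of the raw bytes, the way anyone on the network path could; the name `example.com` and transaction ID are constructed sample values.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a domain name as RFC 1035 labels: length byte + label, ending with a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a standard query: 12-byte header (RD bit set, 1 question) + QNAME + QTYPE + QCLASS(IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(packet: bytes, offset: int = 12):
    """Read a label sequence starting at offset; returns (name, offset after the 0 byte)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers appear in answers, not in a query's question
            raise ValueError("compression pointer not expected in a question")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset

def observe_query(packet: bytes) -> dict:
    """Everything a passive on-path observer recovers from a query without any key or cooperation."""
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return {"txid": txid, "rd": bool(flags & 0x0100), "qname": name, "qtype": qtype, "qclass": qclass}

if __name__ == "__main__":
    pkt = build_query("example.com")          # constructed sample query
    print(pkt.hex())                           # the labels "example" and "com" are visible as plain ASCII
    print(observe_query(pkt))
```

The labels are readable in the hex dump without any decoding beyond the length bytes, which is why an ISP, a coffee-shop network or anyone else between the user and the resolver sees exactly which names are being looked up.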