About

DNS TAPIR (DNS Threat and Privacy Internet Research) is a cooperative, privacy-preserving operational platform with continuous analytical research focused on DNS-based threat detection and shared situational awareness.

DNS TAPIR enables Internet service providers and DNS resolver operators to collaboratively improve DNS-based threat detection without centralising sensitive DNS query data into external commercial cloud environments.

The platform combines:

• local privacy-preserving DNS telemetry processing,
• shared analytical capability,
• operational intelligence exchange,
• and continuously evolving analytical methods.

DNS TAPIR is designed around principles of:

• privacy preservation,
• open source transparency,
• operational cooperation,
• and federation between trusted analysis environments.

The architecture is specifically designed to support analysis of DNS telemetry while minimising unnecessary exposure of privacy-sensitive or operationally sensitive information. Local analysis inside the participating DNS resolver operator environment enables detection of behavioural and sequential DNS patterns before sensitive identifiers are minimised or removed.

DNS TAPIR explores an alternative to increasingly centralised commercial DNS-security ecosystems by enabling cooperative situational awareness and operational collaboration while preserving participant control over operational data.

The project combines operational platform development, applied operational research, and continuously evolving analytical capability.

DNS TAPIR is developed in collaboration between organisations and individuals active in:

• Internet infrastructure,
• DNS operations,
• cybersecurity,
• academia,
• and operational resilience.

Initial phases of the DNS TAPIR project were funded by Post- och telestyrelsen. In addition, Netnod AB, SUNET/Vetenskapsrådet and Internetstiftelsen contributed resources to the project. The current operational test phase is primarily funded by Internetstiftelsen, with continued resource contributions from Netnod and Vetenskapsrådet.

Project Status

Phase 1 — Proof of Concept (Completed)

Development and deployment of an initial proof-of-concept architecture for privacy-preserving DNS telemetry analysis and shared situational awareness.

This phase validated:

• distributed Edge/Core architecture,
• privacy-preserving data handling,
• and foundational analytical methods.

Phase 2 — Operational Test Phase (Ongoing)

DNS TAPIR is currently operating in a live operational test phase together with participating DNS resolver operators and Internet service providers.

Current focus areas include:

• deployment and onboarding support for DNS resolver operators,
• continued development of DNS TAPIR core services,
• operational testing with real DNS telemetry,
• development of local analysis capabilities in the DNS TAPIR Edge platform,
• federation and operational governance models,
• and transition toward production-ready operational capability.

The current phase focuses both on operational maturity and continuous analytical research.

Some analytical and architectural areas currently being explored include:

• modular analytical models,
• behavioural DNS analysis,
• DNS sequence analysis,
• and AI-assisted analytical methods.

For detailed status information, demonstrations, or collaboration discussions, contact us.

Phase 3 — Production Operations

The long-term goal is to establish DNS TAPIR as a sustained cooperative operational capability for:

• DNS-based threat detection,
• shared situational awareness,
• operational intelligence exchange,
• and cooperative cyber resilience.

This phase includes:

• production operations,
• federation between trusted operational environments,
• operational governance,
• onboarding processes,
• and long-term analytical evolution.

Contact

info@dnstapir.se

The Team

Olle E Johansson, Edvina AB (Project manager).
https://www.linkedin.com/in/ollejohansson/

Leon Fernandez, The Swedish Internet Foundation.
https://www.zluudg.com/academic

Mikael Kullberg, Cat Herd AB.
https://www.linkedin.com/in/mikael-kullberg-hula/

Lars-Johan Liman, Netnod AB
https://www.linkedin.com/in/ljliman/

Patrik Lundin, Sunet
https://www.linkedin.com/in/patrik-lundin-73477929/

Fredrik Pettai, Sunet
https://www.linkedin.com/in/pettai/

Jakob Schlyter, Kirei AB.
https://www.linkedin.com/in/jakob/

Johan Stenstam, The Swedish Internet Foundation.
https://www.linkedin.com/in/johan-stenstam-65bab1/

Ulrika Vincent, Agical AB.
https://www.linkedin.com/in/ulrikavincent/