This paper was presented at Securing and Trusting Internet Names 2012 (Teddington, UK). There are two distinct problems in determining the impact of passive DNS (pDNS) on end-user privacy. One is whether or not pDNS would allow the observer to reconstruct an individual end-user’s DNS behavior. The other is if DNS behavior constitutes personally identifiable information (PII) or is otherwise legally protected. This paper develops a framework to discuss both aspects of the privacy issue. From the technical point of view, DNS sensor architecture is analyzed and a statistical model is developed to describe the sensor’s ability to violate end-user privacy. To the other end, a review of various jurisdictions’ privacy legislation is presented and analyzed in the context of DNS as a system and pDNS as a collection mechanism. In general, we find that pDNS, properly configured, does not violate end-user privacy.