HOME

TheInfoList



Click Here for Items Related To - EDNS Client Subnet
OR:
EDNS Client Subnet on:   [Wikipedia]   [Google]   [Amazon]

EDNS Client Subnet (ECS) is an option in the
Extension Mechanisms for DNS Extension Mechanisms for DNS (EDNS) is a specification for expanding the size of several parameters of the Domain Name System (DNS) protocol which had size restrictions that the Internet engineering community deemed too limited for increasing fun ...
that allows a
recursive DNS resolver The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned t ...
to specify the
subnetwork A subnetwork or subnet is a logical subdivision of an IP network. Updated by RFC 6918. The practice of dividing a network into two or more networks is called subnetting. Computers that belong to the same subnet are addressed with an identica ...
for the host or client on whose behalf it is making a
DNS The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to ...
query. This is generally intended to help speed up the delivery of data from
content delivery network A content delivery network, or content distribution network (CDN), is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially r ...
s, by allowing better use of DNS-based load balancing to select a service address near the client when the client computer is not necessarily near the recursive resolver. When an
authoritative name server A name server refers to the server component of the Domain Name System (DNS), one of the two principal namespaces of the Internet. The most important function of DNS servers is the translation (resolution) of human-memorable domain names (example. ...
receives a DNS query, it takes advantage of ECS DNS extension to resolve the
hostname In computer networking, a hostname (archaically nodename) is a label that is assigned to a device connected to a computer network and that is used to identify the device in various forms of electronic communication, such as the World Wide Web. Hos ...
to a CDN which is geolocationally near to the client IP's subnet, hence the client makes further requests to a nearby CDN, thereby reducing latency. The EDNS client subnet mechanism is specified in .


Privacy and security implications

Because ECS provides client network information to upstream resolver, the extension reveals some information about the client's location that the resolver would not otherwise be able to deduce. Security researchers have suggested that ECS could be used to conduct
internet surveillance Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be comp ...
. ECS may also be exploited to perform selective DNS cache poisoning attacks intended to only re-route specific clients to a poisoned DNS record.


Controversy over lack of support

The owner of self-serve
web archiving Web archiving is the process of collecting portions of the World Wide Web to ensure the information is preserved in an archive for future researchers, historians, and the public. Web archivists typically employ web crawlers for automated captur ...
tool Archive.today has expressed concern over Cloudflare 1.1.1.1 not passing the contents of this field on to the authoritative DNS server for Archive.today, and has in response configured the site's resolver to consider Cloudflare DNS requests invalid—effectively blocking 1.1.1.1 from resolving the website DNS records. The owner of the site believes 1.1.1.1 too often routes recursive DNS requests in a non-geographically-optimal way, causing poorer connectivity than if the feature was available at all times.
Cloudflare Cloudflare, Inc. is an American content delivery network and DDoS mitigation company, founded in 2009. It primarily acts as a reverse proxy between a website's visitor and the Cloudflare customer's hosting provider. Its headquarters are in San ...
CEO Matthew Prince cited privacy concerns as reason for 1.1.1.1 to not support ECS.


References

Domain name system extensions {{Internet-stub