After some testing with the new Beta 384.11 Beta 2, which works great! There is some discussion about EDNS and it seems that it’s disabled by default on the router, in my case the 86U. After some reading on the web (see below) I was wondering if EDNS could be a benefit in terms of privacy (without using DoT), or does EDNS give trouble, depending on configurations in the router or else?
By the looks of it, it will give extra privacy, but then again I’m not familiar with it, so I can be mistaken.
Thanks for the heads-up!
What’s EDNS all about?
Fixing DNS requires some way of preserving the original location of the user across multiple middle boxes. The original design of DNS restricts the total packet size to 512 bytes, which effectively does not leave any room for a “location extension”, or any other extension like DNSSEC. This is what EDNS (Extended DNS) will solve in a backward-compatible way: if both DNS servers support EDNS, they can exchange packets larger than 512 bytes, and if not — they fall back to the traditional DNS.
What’s EDNS Client Subnet?
In 2011 Google wrote an IETF draft to send Client IP information using the EDNS0 extension and this is usually called ‘edns-client-subnet’. As a DNS client, it means that a truncated version of your IP address will be added into the DNS request. The DNS server will use this truncated IP address to make a more informed decision in how it responds so that you can be connected to the most optimal server. This standard is promoted by the Faster Internet initiative and already adopted by some leading vendors.
Because it is designed to keep privacy, the sender has the freedom to limit the client IP information. Instead of sending a full IP address, the DNS server is able to send partial information such as /24 only. For instance, if your IP address is 66.214.81.22, the DNS server will only expose the first three octets, so 66.214.81. Armed with the real IP address of the querying device, the DNS server can now come up with a much more accurate response.
With this more intelligent routing, customers have a better Internet experience with lower latency and faster speeds. Best of all, this integration is being done using an open standard that is available for any company to integrate into their own platform.
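To make concrete what the quoted article means by "only the first three octets", here is an added example (mine, not from the post or the article) that builds and decodes the EDNS Client Subnet option as laid out in RFC 7871, using the article's address 66.214.81.22 with a /24 source prefix; it also covers IPv6, which the article does not mention, so you can see exactly which bytes of a client address a resolver discloses upstream.

```python
"""Build and parse the EDNS Client Subnet (ECS) option from RFC 7871."""
import ipaddress
import struct

ECS_OPTION_CODE = 8            # OPTION-CODE assigned to ECS in RFC 7871
FAMILY_IPV4, FAMILY_IPV6 = 1, 2  # address-family values used by the option


def truncate_client_address(addr: str, source_prefix_len: int) -> str:
    """Return the network a resolver would disclose for addr.

    For 66.214.81.22 with /24 this is 66.214.81.0/24: the host octet is
    zeroed before the address leaves the resolver, so only the prefix leaks.
    """
    return str(ipaddress.ip_network(f"{addr}/{source_prefix_len}", strict=False))


def build_ecs_option(addr: str, source_prefix_len: int) -> bytes:
    """Encode the ECS option as it appears inside the OPT RR RDATA.

    Layout: OPTION-CODE(2) OPTION-LENGTH(2) FAMILY(2) SOURCE-PREFIX(1)
            SCOPE-PREFIX(1) ADDRESS(ceil(prefix/8) bytes, trailing bits zero)
    """
    ip = ipaddress.ip_address(addr)
    family = FAMILY_IPV4 if ip.version == 4 else FAMILY_IPV6
    net = ipaddress.ip_network(f"{addr}/{source_prefix_len}", strict=False)
    nbytes = (source_prefix_len + 7) // 8
    address = net.network_address.packed[:nbytes]  # only the prefix bytes go on the wire
    body = struct.pack("!HBB", family, source_prefix_len, 0) + address  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option: bytes) -> dict:
    """Decode an ECS option into the disclosed network, as a resolver log would show it."""
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE:
        raise ValueError("not an ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    address = option[8:8 + length - 4]
    width = 4 if family == FAMILY_IPV4 else 16
    padded = address + b"\x00" * (width - len(address))  # restore the zeroed host bits
    net = ipaddress.ip_network(f"{ipaddress.ip_address(padded)}/{source}", strict=False)
    return {"network": str(net), "source_prefix": source, "scope_prefix": scope}


if __name__ == "__main__":
    opt = build_ecs_option("66.214.81.22", 24)   # address taken from the quoted article
    print(opt.hex(), parse_ecs_option(opt))
```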