Potential NextDNS security/privacy risk due to DS-Lite-Tunnel and linked IP

When an ISP can't assign a dedicated IP4 to a customer, it might use a DS-Lite-Tunnel to process IP4 requests via an IP4-to-IP6 tunnel. Pretty common in Europe at least. This means one shared public IP4 is used to process IP4 requests of multiple customers of that ISP.

Doesn't that mean that linking a NextDNS configuration to an IP4 will link all requests of all customers of that ISP's DS-Lite pool to that configuration? In the rare circumstance that another customer of the same ISP on the same IP4 DS-Lite pool uses NextDNS with an identical IP4 DNS server IP... all DNS-requests of the other customer would get leaked to my configuration/analytics (or the other way around).

To make things worse, there is no way to unlink an IP4 from a configuration in NextDNS once you accidentally click the button.

Am I missing something here?

    • NextDNs
    • 1 yr ago

    The server IP would be different for other configurations. Link IP is a tuple of source AND destination IPs.
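
The tuple lookup described in the reply, as an added example that is not part of the original thread and not NextDNS's code: a toy table keyed on (source IP, server IP), shown next to a source-only key for comparison. The class, the addresses (documentation ranges) and the conflict handling are assumptions made for illustration.

```python
import ipaddress

class LinkedIpTable:
    """Toy resolver-side table mapping linked IPs to configurations (hypothetical)."""

    def __init__(self):
        self.by_tuple = {}    # (source IP, destination IP) -> config id
        self.by_source = {}   # source IP only -> config id (naive design, for contrast)

    def link(self, config_id, source_ip, server_ip):
        src = ipaddress.ip_address(source_ip)
        dst = ipaddress.ip_address(server_ip)
        owner = self.by_tuple.get((src, dst))
        if owner not in (None, config_id):
            # Assumed policy: same shared source AND same server IP is refused, not merged
            raise ValueError(f"{src} -> {dst} already linked to {owner}")
        self.by_tuple[(src, dst)] = config_id
        self.by_source[src] = config_id   # naive table: last link wins

    def attribute(self, source_ip, server_ip):
        """Config that a query arriving as source_ip -> server_ip is logged under."""
        key = (ipaddress.ip_address(source_ip), ipaddress.ip_address(server_ip))
        return self.by_tuple.get(key)

    def attribute_source_only(self, source_ip):
        """What a source-only key would return for the same query."""
        return self.by_source.get(ipaddress.ip_address(source_ip))

# Constructed sample values, not real NextDNS or ISP addresses
SHARED_DSLITE_IP = "198.51.100.7"   # one public IPv4 shared by several customers
SERVER_A, SERVER_B, SERVER_C = "192.0.2.11", "192.0.2.22", "192.0.2.33"

def demo():
    table = LinkedIpTable()
    table.link("config-A", SHARED_DSLITE_IP, SERVER_A)   # customer A
    table.link("config-B", SHARED_DSLITE_IP, SERVER_B)   # customer B, same tunnel exit
    return {
        "a": table.attribute(SHARED_DSLITE_IP, SERVER_A),
        "b": table.attribute(SHARED_DSLITE_IP, SERVER_B),
        # A neighbour on the shared IP querying some other server IP matches nothing
        "other": table.attribute(SHARED_DSLITE_IP, SERVER_C),
        # Keyed on source alone, customer A's queries would land in config-B
        "naive": table.attribute_source_only(SHARED_DSLITE_IP),
    }

if __name__ == "__main__":
    print(demo())
```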
