
Anonymized EDNS client subnet reports a subnet that's across the country from my actual location

I understand that the intent of the Anonymized EDNS Client Subnet feature is that NextDNS should choose a subnet that's representative of my location but is not my actual subnet, in order to increase privacy.

However, with this feature enabled, NextDNS is reporting a subnet whose GeoIP2 location resolves to Friendswood, Texas, whereas I'm in Portland, Oregon.

Here's what I see when I run `dig o-o.myaddr.google.com txt @45.90.28.177`:

```
o-o.myaddr.google.com.    52    IN    TXT    "149.248.36.234"
o-o.myaddr.google.com.    52    IN    TXT    "edns0-client-subnet 63.145.112.0/24"
```

This GeoIP2 lookup tool reports that subnet's location as Friendswood, TX, and when I visit a website that uses Amazon CloudFront (which relies on ECS), I can see in the `x-amz-cf-pop` response header that the response is served from a POP in Houston, TX.

Here's the result of `dig o-o.myaddr.google.com txt @8.8.8.8`, which uses Google DNS rather than NextDNS:

```
o-o.myaddr.google.com.    60    IN    TXT    "172.217.46.68"
o-o.myaddr.google.com.    60    IN    TXT    "edns0-client-subnet 75.164.137.0/24"
```

This is my actual subnet (less private, but accurate at least!), which GeoIP2 correctly reports as being located in Portland, OR. When I use Google DNS and visit a website that uses CloudFront, the `x-amz-cf-pop` header indicates that the response is served from a POP in Hillsboro, OR, which is close to me and what I would expect.

It seems like this isn't how Anonymized EDNS Client Subnet is intended to work, since the inaccuracy negates any benefit of enabling the feature in the first place. Is this a bug?
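An added example, not part of the original post: Python that parses the two `dig` answers quoted above and reports, for each resolver, whether the ECS prefix it forwarded is the client's real subnet or a substitute. The function names are hypothetical, and treating the prefix seen through 8.8.8.8 as the real subnet follows the post's own statement.

```python
import ipaddress
import re

# TXT answers copied from the two dig runs quoted in the post.
NEXTDNS_ANSWER = '''\
o-o.myaddr.google.com.    52    IN    TXT    "149.248.36.234"
o-o.myaddr.google.com.    52    IN    TXT    "edns0-client-subnet 63.145.112.0/24"
'''
GOOGLE_ANSWER = '''\
o-o.myaddr.google.com.    60    IN    TXT    "172.217.46.68"
o-o.myaddr.google.com.    60    IN    TXT    "edns0-client-subnet 75.164.137.0/24"
'''

TXT_RE = re.compile(r'\sIN\s+TXT\s+"([^"]*)"')
ECS_PREFIX = "edns0-client-subnet "


def parse_myaddr(answer):
    """Return (egress_ip, ecs_network) from dig TXT answer lines.

    egress_ip is the resolver address the authoritative server saw;
    ecs_network is None when the resolver sent no ECS option.
    """
    egress = ecs = None
    for line in answer.splitlines():
        match = TXT_RE.search(line)
        if not match:
            continue  # skip comments, headers and blank lines
        value = match.group(1)
        if value.startswith(ECS_PREFIX):
            ecs = ipaddress.ip_network(value[len(ECS_PREFIX):], strict=False)
        else:
            egress = ipaddress.ip_address(value)
    return egress, ecs


def classify(ecs, real_subnet):
    """Compare the forwarded ECS prefix with the client's real subnet."""
    if ecs is None:
        return "no-ecs"
    if ecs.version == real_subnet.version and ecs.overlaps(real_subnet):
        return "real-subnet-exposed"
    return "substituted"


if __name__ == "__main__":
    _, real = parse_myaddr(GOOGLE_ANSWER)  # assumption: the post calls this the real subnet
    for name, answer in (("NextDNS", NEXTDNS_ANSWER), ("Google", GOOGLE_ANSWER)):
        egress, ecs = parse_myaddr(answer)
        print(f"{name}: egress={egress} ecs={ecs} -> {classify(ecs, real)}")
```

This only shows whether the prefix was substituted; judging whether the substitute is geographically close still needs a GeoIP lookup on the reported prefix, as the post does.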
