Using EDNS0 information to improve information in “Devices”

Hi,

I use NextDNS via my router to resolve all DNS requests.

It works great and I am very happy with it.

Recently my router got a new update and now has the option to send EDNS0 information along with DNS requests.

My question therefore:

Could this EDNS0 information be used to split DNS requests in the NextDNS “Analytics” page?

Currently the analytics page shows only 1 device - my router. It would be very helpful if we could split/redefine the device list based on the EDNS0 information.

Would this be possible?

Many thanks for looking into this! :-)

8 replies

    • R_P_M
    • 1 yr ago

    If you are using the IPv4 addresses only (UDP) then it’s not currently possible to distinguish between different devices in the NextDNS logs. 

    • the_catwisel
    • 1 yr ago

    Many thanks for your reply.

    I am using DNS over TLS (DoT) as the default service.

    My router has an assigned device name, as described here:

    However this becomes (very) difficult if I want to set this up for all devices in my network. 

    And of course almost impossible if we are talking about IoT devices :-D

      • R_P_M
      • 1 yr ago

      Unless the router has an option to have a different upstream DNS for each device, then it may not be possible to “split” the requests and they’ll all be labelled as from the router. I used to have something similar with all requests behind one single device name, but since switching to an AdGuardHome implementation I can get most devices to use NextDNS with their own device name.

      • the_catwisel
      • 1 yr ago

      Sure, that could be a solution.

      I was thinking that the split could be implemented on NextDNS endpoint side, as the raw request from my router should contain EDNS0 information. This information will contain MAC information about which client in my home network initiated the DNS request. Hence my idea was that NextDNS should be able to separate those requests into individual devices and make analytics and logs therefore more detailed.

      Of course, those devices would not contain any names, but rather the MAC as a device identifier. Therefore ideally a manual “rename/mapping” functionality with the NextDNS web overview would be an additional benefit to make it more human readable ;-)

      • R_P_M
      • 1 yr ago

      NextDNS actually is set up to strip EDNS info from requests as it’s seen as a privacy issue. Hmm.. not sure where I saw this info, it’s not in the NextDNS settings.

      Anyway, I don’t think I would want to send any private MAC address out onto the internet, even if it is only to NextDNS. That’s just my opinion though. 

      • the_catwisel
      • 1 yr ago

      Yes, users can choose to anonymize the EDNS information for e.g. CDNs.

      You can find this in the settings tab under performance:

      I understand your concern regarding MAC information being sent out onto the internet (even though I use DoT).

      On the other hand, most MACs are anyway already anonymised client side (e.g. “Private WiFi Address” on Apple devices). NextDNS can still anonymise EDNS info when it is sent to CDNs.

      There is no requirement that you send this info out onto the internet, but there are use cases where it makes sense. As the info, like in my case, is already present anyway, why not make use of it on the NextDNS backend and split it into separate devices to offer better analytics and enhanced logging?

      Coming back to your AdGuardHome setup: May I ask what additional benefits do you see of using NextDNS while you are already handling your DNS requests via AdGuardHome? Sorry, I’m just curious.
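As an added illustration of the mechanism discussed in this thread (not code from NextDNS or from any router vendor): a small parser for the EDNS0 OPT pseudo-RR that pulls a per-device option out of a constructed DNS query, so a resolver could key analytics on it, plus the privacy-side counterpart that keeps the OPT record but forwards no options upstream. The option code `DEVICE_OPT`, the sample MAC and the query bytes are assumptions constructed for this example, not what any real router sends.

```python
import struct
DEVICE_OPT = 65001  # assumed local-use option code (IANA reserves 65001-65534 for local use); not a real router's code

def _skip_name(msg, off):
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def build_query(qname, options, udp_size=1232):
    # Constructed query (not real router traffic): header, one IN A question, one OPT RR carrying `options`.
    name = b"".join(bytes([len(label)]) + label.encode() for label in qname.split(".")) + b"\x00"
    rdata = b"".join(struct.pack("!HH", code, len(v)) + v for code, v in options.items())
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, len(rdata)) + rdata
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1) + name + struct.pack("!HH", 1, 1) + opt

def _find_opt(msg):
    # Locate the OPT pseudo-RR (type 41) in the additional section; return (rdata offset, rdlength), or (len(msg), 0).
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for i in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if i >= an + ns and rtype == 41:
            return off, rdlen
        off += rdlen
    return len(msg), 0

def edns0_options(msg):
    # Parse OPT rdata into {option_code: data}; empty dict when the query carries no options.
    off, rdlen = _find_opt(msg)
    end, opts = off + rdlen, {}
    while off < end:
        code, ln = struct.unpack("!HH", msg[off:off + 4])
        opts[code] = msg[off + 4:off + 4 + ln]
        off += 4 + ln
    return opts

def device_key(msg):
    # What a resolver could key per-device analytics on: the option value, else the sender itself (the router).
    data = edns0_options(msg).get(DEVICE_OPT)
    return data.hex(":") if data else "router"

def strip_edns0_options(msg):
    # Privacy-side variant: keep the OPT RR (advertised UDP size) but send no options upstream.
    off, rdlen = _find_opt(msg)
    return msg if rdlen == 0 else msg[:off - 2] + b"\x00\x00" + msg[off + rdlen:]
```

Running `device_key` over the queries a router forwards is exactly the split asked for in this thread; running `strip_edns0_options` on them first is what the resolver reportedly does for privacy, and afterwards every query keys back to "router".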

    • R_P_M
    • 1 yr ago

    the_catwisel said:
        May I ask what additional benefits do you see of using NextDNS while you are already handling your DNS requests via AdGuardHome?

    Ah, well I’m using NextDNS as a second line of defence for requests that might slip through or have other blocking reasons not readily available in AdGuardHome. Because I’m on the free tier with NextDNS I like to keep requests as low as I can, so blocking locally makes sense.

    Also when away from home NextDNS is there but you know that already I would think. 

      • the_catwisel
      • 1 yr ago

      Thanks. So it’s more or less acting as a DNS cache. I got it. :-)
