Send Anonymized EDNS Client Subnet with IPv6
Hi,
The Anonymized EDNS Client Subnet feature is great: it helps protect privacy (hides the IP address) while getting data from the nearest CDN server. https://medium.com/nextdns/how-we-made-dns-both-fast-and-private-with-ecs-4970d70401e5
I suggest upgrading the Anonymized EDNS Client Subnet feature to send IPv6 ranges (the future of the Internet) when available, as currently ECS only sends IPv4 ranges.
I use Akamai to debug this issue https://www.akamai.com/blog/developers/introducing-new-whoami-tool-dns-resolver-information
* With NextDNS: Even though IPv6 is available, the anonymous EDNS still sends IPv4 addresses. And the server only receives ECS IPv4 addresses.
; <<>> DiG 9.16.28 <<>> whoami.ipv4.akahelp.net TXT CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38508
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;whoami.ipv4.akahelp.net. CH TXT
;; ANSWER SECTION:
whoami.ipv4.akahelp.net. 20 IN TXT "ip" "38.60.253.211"
whoami.ipv4.akahelp.net. 20 IN TXT "ns" "38.60.253.211"
whoami.ipv4.akahelp.net. 20 IN TXT "ecs" "23.40.76.0/24/24"
;; ADDITIONAL SECTION:
client.nextdns.io. 0 CH TXT "171.249.18.201"
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "lightnode-sgn-1"
profile.nextdns.io. 0 CH TXT "XXX"
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 224 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Tue Jun 25 10:31:56 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 478
; <<>> DiG 9.16.28 <<>> whoami.ipv6.akahelp.net TXT CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4843
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 6
;; QUESTION SECTION:
;whoami.ipv6.akahelp.net. CH TXT
;; ANSWER SECTION:
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2400:cb00:740:1024::ac47:534f"
;; ADDITIONAL SECTION:
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "lightnode-sgn-1"
profile.nextdns.io. 0 CH TXT "XXX"
client.nextdns.io. 0 CH TXT "171.249.18.201"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 890 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Tue Jun 25 10:33:19 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 375
* With DNS server with ECS: I continue to use Google DNS, OpenDNS and Quad9 with ECS, all 3 DNS servers send ECS IPv6 addresses.
; <<>> DiG 9.16.28 <<>> whoami.ipv6.akahelp.net TXT @2001:4860:4860::8888
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9091
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;whoami.ipv6.akahelp.net. IN TXT
;; ANSWER SECTION:
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c:6400::/56/56"
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2404:6800:4005:c01::101"
whoami.ipv6.akahelp.net. 20 IN TXT "ip" "2402:800:634c:6458:b96:1aec:8d01:fd00"
;; Query time: 446 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Tue Jun 25 09:39:09 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 187
; <<>> DiG 9.16.28 <<>> whoami.ipv6.akahelp.net TXT @2620:119:35::35
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49351
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1410
;; QUESTION SECTION:
;whoami.ipv6.akahelp.net. IN TXT
;; ANSWER SECTION:
whoami.ipv6.akahelp.net. 20 IN TXT "ip" "2402:800:634c:6951:137c:7dd0:1713:f291"
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2620:0:cce::66"
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c::/48/48"
;; Query time: 143 msec
;; SERVER: 2620:119:35::35#53(2620:119:35::35)
;; WHEN: Tue Jun 25 09:39:36 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 174
; <<>> DiG 9.16.28 <<>> whoami.ipv6.akahelp.net TXT @2620:fe::11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28251
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 16ee5fb4d2712f3301000000667a2dd5111310f35ed1651a (good)
;; QUESTION SECTION:
;whoami.ipv6.akahelp.net. IN TXT
;; ANSWER SECTION:
whoami.ipv6.akahelp.net. 20 IN TXT "ip" "2620:171:f4:f0::232"
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c:6400::/56/56"
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2620:171:f4:f0::232"
;; Query time: 141 msec
;; SERVER: 2620:fe::11#53(2620:fe::11)
;; WHEN: Tue Jun 25 09:39:18 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 193
Hopefully the NextDNS team will consider this idea. Thanks!
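To compare resolvers the way the post does, the following added example (not part of the original post or of NextDNS/Akamai tooling) parses the `"ecs"` TXT answers from saved dig output and reports the address family and how many address bits the resolver withheld. It assumes the whoami value is formatted as address/source-prefix/scope-prefix; the function names and the sample text, built from answer lines shown above, are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: ANSWER lines taken from the dig outputs in the post.
SAMPLE = '''\
whoami.ipv4.akahelp.net. 20 IN TXT "ecs" "23.40.76.0/24/24"
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2400:cb00:740:1024::ac47:534f"
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c:6400::/56/56"
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c::/48/48"
'''

# owner, TTL, class IN, type TXT, then two quoted strings: key and value.
TXT_RE = re.compile(r'^(\S+)\s+\d+\s+IN\s+TXT\s+"([^"]+)"\s+"([^"]+)"\s*$')


def parse_ecs(value):
    """Parse 'address/source/scope' (assumed layout) into a summary dict."""
    addr, source, scope = value.rsplit("/", 2)
    source, scope = int(source), int(scope)
    net = ipaddress.ip_network(f"{addr}/{source}", strict=False)
    return {
        "family": f"IPv{net.version}",
        "network": str(net),
        "source": source,
        "scope": scope,
        # Bits of the client address that the resolver did not disclose.
        "hidden_bits": net.max_prefixlen - source,
        # RFC 7871 requires bits past the source prefix to be zero.
        "host_bits_clear": ipaddress.ip_address(addr) == net.network_address,
    }


def ecs_report(dig_text):
    """Return [(owner_name, ecs_summary), ...] for every 'ecs' TXT answer."""
    report = []
    for line in dig_text.splitlines():
        m = TXT_RE.match(line.strip())
        if m and m.group(2) == "ecs":
            report.append((m.group(1), parse_ecs(m.group(3))))
    return report


if __name__ == "__main__":
    for owner, ecs in ecs_report(SAMPLE):
        print(owner, ecs["family"], ecs["network"],
              f"hidden={ecs['hidden_bits']} bits")
```
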
19 replies
-
up vote
-
up vote
-
up vote
-
Up Vote
-
Up Vote
-
vote for this idea
-
Uppp
-
Uppp!
-
Up!!
-
Good idea. Up!
-
Isn't it already activated?
-
up vote!
-
Up
-
Upvote!