Send Anonymized EDNS Client Subnet with IPv6
Hi,
The Anonymized EDNS Client Subnet feature is great; it helps protect privacy (hiding the IP address) while getting data from the nearest CDN server: https://medium.com/nextdns/how-we-made-dns-both-fast-and-private-with-ecs-4970d70401e5
I suggest upgrading the Anonymized EDNS Client Subnet feature to send IPv6 ranges (the future of the Internet) when available, as currently ECS only sends IPv4 ranges.
I use Akamai to debug this issue https://www.akamai.com/blog/developers/introducing-new-whoami-tool-dns-resolver-information
* With NextDNS: Even though IPv6 is available, the anonymous EDNS still sends IPv4 addresses. And the server only receives ECS IPv4 addresses.
; <<>> DiG 9.16.28 <<>> whoami.ipv4.akahelp.net TXT CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38508
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;whoami.ipv4.akahelp.net. CH TXT
;; ANSWER SECTION:
whoami.ipv4.akahelp.net. 20 IN TXT "ip" "38.60.253.211"
whoami.ipv4.akahelp.net. 20 IN TXT "ns" "38.60.253.211"
whoami.ipv4.akahelp.net. 20 IN TXT "ecs" "23.40.76.0/24/24"
;; ADDITIONAL SECTION:
client.nextdns.io. 0 CH TXT "171.249.18.201"
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "lightnode-sgn-1"
profile.nextdns.io. 0 CH TXT "XXX"
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 224 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Tue Jun 25 10:31:56 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 478
; <<>> DiG 9.16.28 <<>> whoami.ipv6.akahelp.net TXT CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4843
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 6
;; QUESTION SECTION:
;whoami.ipv6.akahelp.net. CH TXT
;; ANSWER SECTION:
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2400:cb00:740:1024::ac47:534f"
;; ADDITIONAL SECTION:
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "lightnode-sgn-1"
profile.nextdns.io. 0 CH TXT "XXX"
client.nextdns.io. 0 CH TXT "171.249.18.201"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 890 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Tue Jun 25 10:33:19 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 375
* With DNS servers with ECS: I continue to use Google DNS, OpenDNS and Quad9 with ECS; all 3 DNS servers send ECS IPv6 addresses.
; <<>> DiG 9.16.28 <<>> whoami.ipv6.akahelp.net TXT @2001:4860:4860::8888
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9091
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;whoami.ipv6.akahelp.net. IN TXT
;; ANSWER SECTION:
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c:6400::/56/56"
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2404:6800:4005:c01::101"
whoami.ipv6.akahelp.net. 20 IN TXT "ip" "2402:800:634c:6458:b96:1aec:8d01:fd00"
;; Query time: 446 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Tue Jun 25 09:39:09 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 187
; <<>> DiG 9.16.28 <<>> whoami.ipv6.akahelp.net TXT @2620:119:35::35
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49351
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1410
;; QUESTION SECTION:
;whoami.ipv6.akahelp.net. IN TXT
;; ANSWER SECTION:
whoami.ipv6.akahelp.net. 20 IN TXT "ip" "2402:800:634c:6951:137c:7dd0:1713:f291"
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2620:0:cce::66"
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c::/48/48"
;; Query time: 143 msec
;; SERVER: 2620:119:35::35#53(2620:119:35::35)
;; WHEN: Tue Jun 25 09:39:36 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 174
; <<>> DiG 9.16.28 <<>> whoami.ipv6.akahelp.net TXT @2620:fe::11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28251
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 16ee5fb4d2712f3301000000667a2dd5111310f35ed1651a (good)
;; QUESTION SECTION:
;whoami.ipv6.akahelp.net. IN TXT
;; ANSWER SECTION:
whoami.ipv6.akahelp.net. 20 IN TXT "ip" "2620:171:f4:f0::232"
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c:6400::/56/56"
whoami.ipv6.akahelp.net. 20 IN TXT "ns" "2620:171:f4:f0::232"
;; Query time: 141 msec
;; SERVER: 2620:fe::11#53(2620:fe::11)
;; WHEN: Tue Jun 25 09:39:18 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 193
Hopefully the NextDNS team will consider this idea. Thanks!
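An added example, not part of the original post: a Python check that reads the TXT strings from dig output like the runs quoted above and reports which address family the forwarded ECS uses and whether that subnet covers the client's own address. The sample lines are copied from that output; the function names are hypothetical, and treating the `client.nextdns.io` value and the whoami `"ip"` string as the client address is an assumption of this example.

```python
import ipaddress
import re

# Sample lines copied from the dig output quoted in the post (NextDNS run, Google DNS run).
NEXTDNS_SAMPLE = '''\
whoami.ipv4.akahelp.net. 20 IN TXT "ecs" "23.40.76.0/24/24"
client.nextdns.io. 0 CH TXT "171.249.18.201"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
'''
GOOGLE_SAMPLE = '''\
whoami.ipv6.akahelp.net. 20 IN TXT "ecs" "2402:800:634c:6400::/56/56"
whoami.ipv6.akahelp.net. 20 IN TXT "ip" "2402:800:634c:6458:b96:1aec:8d01:fd00"
'''

TXT_LINE = re.compile(r'^(\S+)\s+\d+\s+(?:IN|CH)\s+TXT\s+(.+)$')

def txt_records(dig_text):
    """Yield (owner, [quoted strings]) for every TXT record line in dig output."""
    for line in dig_text.splitlines():
        m = TXT_LINE.match(line.strip())
        if m:
            yield m.group(1).rstrip('.'), re.findall(r'"([^"]*)"', m.group(2))

def whoami_fields(dig_text):
    """Map the two-string whoami records ("ecs", "ip", "ns") by their first string,
    and the single-string *.nextdns.io debug records by owner name."""
    fields = {}
    for owner, strings in txt_records(dig_text):
        if len(strings) == 2:
            fields[strings[0]] = strings[1]
        elif len(strings) == 1:
            fields[owner] = strings[0]
    return fields

def ecs_report(ecs_value, client_ip):
    """ecs_value is "address/source-prefix[/scope-prefix]" as printed in the output.
    client_ip is the address the caller assumes to be the real client (assumption)."""
    addr, source, *_scope = ecs_value.split('/')
    net = ipaddress.ip_network(f'{addr}/{source}', strict=False)
    client = ipaddress.ip_address(client_ip)
    same_family = net.version == client.version
    return {
        'family': net.version,            # 4 or 6: which kind of range was forwarded
        'source_prefix': net.prefixlen,   # how many address bits the resolver disclosed
        'same_family': same_family,
        'covers_client': same_family and client in net,  # True: the real subnet was sent
    }
```

A `covers_client` of `False` with `same_family` `True`, as in the NextDNS sample, means a substitute subnet was forwarded; `True`, as in the Google DNS sample, means the client's own prefix reached the authoritative server.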
20 replies
-
up vote
-
up vote
-
up vote
-
Up Vote
-
Up Vote
-
vote for this idea
-
Uppp
-
Uppp!
-
Up!!
-
Good idea. Up!
-
Isn't it already activated?
-
up vote!
-
Up
-
Upvote!
-
It seems that sending ECS with an IPv6 address is only available when querying an IPv6 server directly. Currently, I check with the IPv6 anycast server, which is available. Hopefully, in the future, ultralow servers will also have IPv6 addresses.
; <<>> DiG 9.16.28 <<>> www.apple.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44220
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.apple.com. CH A
;; ANSWER SECTION:
www.apple.com. 300 IN CNAME www-apple-com.v.aaplimg.com.
www-apple-com.v.aaplimg.com. 300 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 300 IN CNAME e6858.dsce9.akamaiedge.net.
e6858.dsce9.akamaiedge.net. 20 IN A 23.44.216.246
;; ADDITIONAL SECTION:
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "zepto-hkg-1"
client.nextdns.io. 0 CH TXT "2402:800:634c:XXXX:9XXb:XXXX:1XXd:XXXX"
profile.nextdns.io. 0 CH TXT "XXXX"
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
smart-ecs.nextdns.io. 0 CH TXT "2401:d800::/48"
;; Query time: 73 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 08 22:54:04 SE Asia Standard Time 2025
;; MSG SIZE rcvd: 556