[atlas] EDNS Client Subnet
Kyle Schomp
kyle.schomp at gmail.com
Thu Jan 31 14:23:49 CET 2019
On Mon, Jan 28, 2019 at 1:41 PM Philip Homburg <philip.homburg at ripe.net> wrote:

> On 2019/01/28 14:33 , Rami Al-Dalky wrote:
> > When I tried to create a DNS measurement, I found that the only way to
> > send DNS query with option is to set default_client_subnet to True.
> > However, by setting this option, a DNS query will be sent with 0.0.0.0/0
> > as client subnet.
> >
> > Is there a reason why ECS is implemented that way? If it is for privacy
> > issue, the RFC recommends to send the client IP with /24 prefix for IPv4
> > and /56 for IPv6 to preserve the privacy.
>
> Let me point out that we chose 0.0.0.0/0 to avoid all privacy issues.
> The recommendation just reduces privacy issues.

What privacy issues are concerned when allowing a measurement creator to specify an ECS value that the probe should send along with DNS queries? Is it that some actors on the Internet might assume that the arbitrary ECS value actually originated the DNS query without any validation? I think this becomes a non-issue if you restrict the ECS prefix length to something sane like <=24.

> At the same time, it was not clear to us what additional benefit it
> would bring to RIPE Atlas measurements to include longer prefixes. In
> particular, we assumed that the main purpose of this option would be to
> measure interference by firewalls or other middle boxes.

I think the benefit here is somewhat clear for measuring the behavior of recursive resolvers and authoritative nameservers when ECS data is present.

> Philip
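
The two ECS payloads discussed in this thread, the 0.0.0.0/0 value and a client address truncated to /24 (IPv4) or /56 (IPv6), encoded in the RFC 7871 option layout. This is an added example, not part of the original messages and not RIPE Atlas code; the function names and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8                 # EDNS Client Subnet option code (RFC 7871)
MAX_SOURCE_PREFIX = {4: 24, 6: 56}  # privacy limits quoted in the thread


def build_ecs_option(client_ip, prefix_len):
    """Encode an ECS option for client_ip truncated to prefix_len bits."""
    addr = ipaddress.ip_address(client_ip)
    limit = MAX_SOURCE_PREFIX[addr.version]
    if not 0 <= prefix_len <= limit:
        raise ValueError(f"source prefix must be 0..{limit} for IPv{addr.version}")
    # strict=False zeroes the host bits, so nothing past prefix_len leaks.
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    family = 1 if addr.version == 4 else 2
    # Only the bytes needed to cover the prefix are sent.
    address = net.network_address.packed[:(prefix_len + 7) // 8]
    body = struct.pack("!HBB", family, prefix_len, 0) + address  # scope = 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(wire):
    """Decode an ECS option; return (network string, scope prefix length)."""
    if len(wire) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source, scope = struct.unpack("!HHHBB", wire[:8])
    size = {1: 4, 2: 16}.get(family)
    if code != ECS_OPTION_CODE or length != len(wire) - 4 or size is None:
        raise ValueError("not a well-formed ECS option")
    address = wire[8:]
    if source > size * 8 or len(address) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    full = ipaddress.ip_address(address + bytes(size - len(address)))
    # strict=True rejects non-zero bits beyond the prefix.
    net = ipaddress.ip_network(f"{full}/{source}", strict=True)
    return str(net), scope


if __name__ == "__main__":
    # Constructed sample inputs: the thread's 0.0.0.0/0 case and two truncated clients.
    for ip, plen in [("0.0.0.0", 0), ("192.0.2.77", 24), ("2001:db8:1234:5678::1", 56)]:
        wire = build_ecs_option(ip, plen)
        print(f"{ip}/{plen} -> {wire.hex()} -> {parse_ecs_option(wire)[0]}")
```
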