[dns-operations] Embedding MAC address in DNS requests for selective filtering

John Dickinson jad at sinodun.com
Mon Feb 1 11:06:09 UTC 2016


On 1 Feb 2016, at 9:57, Ralf Weber wrote:

> Moin!
>
> On 1 Feb 2016, at 10:15, Stephane Bortzmeyer wrote:
>
>> On Wed, Jan 27, 2016 at 06:01:37PM +0100,
>> Ralf Weber <dns at fl1ger.de> wrote
>> a message of 30 lines which said:
>>
>>> We are in the process of supporting the use of this option through
>>> open source efforts with dnsmasq at the CPE level and others. We
>>> would be supportive of standardizing this mechanism.
>>
>> Given this recent decision by IESG, I would say there is little
>> chance:
>>
>> http://mailarchive.ietf.org/arch/msg/ietf-announce/VX0mVElE6FaBFy4I_Vu65Zehl78
>
> Interesting. Looks like there was no such discussion for the client
> subnet draft on that topic which after a quick read looks to fulfil
> similar needs. So you never know.

ECS was already implemented by various operators. The _informational_ draft (it is still in IESG eval) is just documenting the existing implementations. AFAIK, there is going to be a new standards track draft once the various implementers resolve differences in behaviour. In light of the above it will be interesting to see how a standards track draft gets on. Also section 7.1.2 does say:

“A SOURCE PREFIX-LENGTH of 0 means the Recursive Resolver MUST NOT add
   address information of the client to its queries.  The subsequent
   Recursive Resolver query to the Authoritative Nameserver will then
   either not include an ECS option or MAY optionally include its own
   address information, which is what the Authoritative Nameserver will
   almost certainly use to generate any Tailored Response in lieu of an
   option.”

>
> And you know that the IETF not standardising it doesn't mean it won't
> get implemented.

Yes, and I would rather they did what ECS did and publish an informational draft so that the wider community gets the opportunity to comment.

John

> Also the implementations of e.g parental controls are
> usually opt in services, so it's the same (I would say better as your
> ISP usually is in your jurisdiction) deal as allowing the web services
> of the world to store my cookies and execute code on my host.
>
> So long
> -Ralf
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs


John Dickinson

http://sinodun.com

Sinodun Internet Technologies Ltd.
Magdalen Centre
Oxford Science Park
Robert Robinson Avenue
Oxford OX4 4GA
U.K.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160201/aa7bb064/attachment.sig>


More information about the dns-operations mailing list