[dns-operations] Embedding MAC address in DNS requests for selective filtering

bert hubert bert.hubert at powerdns.com
Mon Jan 25 15:36:03 UTC 2016


Hi everybody,

We have heard of implementations where 'per-device DNS filtering' is being  
offered, even behind NAT.  So this means you might get parental filtering on
your kids' iPads, but not on your own desktop.

This is then probably implemented by the home router (CPE) appending the MAC 
address to queries, presumably over EDNS.  The ISP nameserver can then
conditionally filter queries or not, based on customer IP and client MAC
address.

In the interest of interoperability, could those parties that are
implementing this functionality please speak up about how they are doing it? I
know you are on this list.

One very simple way of doing it would be to reuse RFC 5001, which is normally
used for server identification, and use it for client identification too.

If any vendor is in fact using NSID this way, please document this. It might
prevent surprises later on. Thank you.

If anyone thinks NSID is not a good way to do this, please also let us know.

PowerDNS will be implementing either NSID or what "the CPE market" is doing.

Thanks!

	Bert
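
Added example, not part of the original message and not PowerDNS or vendor code: a sketch of the NSID-reuse idea above, with the CPE placing the client MAC in an EDNS0 option with code 3 (RFC 5001) and the ISP resolver reading it back to decide on filtering. The 6-byte raw-MAC payload, the function names, and the policy table are assumptions; the message does not say how any vendor encodes this.

```python
import struct

OPT_RR_TYPE = 41       # EDNS0 OPT pseudo-RR (RFC 6891)
NSID_OPTION_CODE = 3   # RFC 5001 NSID; carrying a client MAC in it is an assumption
# Constructed policy table: (customer IP, device MAC) pairs that get filtering.
FILTERED = {("192.0.2.10", "00:00:5e:00:53:01")}

def build_query(qname, mac, qid=0x1234):
    """CPE side: A/IN query with an OPT RR whose NSID option holds the 6-byte MAC."""
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC must be 6 bytes")
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)
    option = struct.pack("!HH", NSID_OPTION_CODE, 6) + mac_bytes
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(option)) + option
    return header + question + opt_rr

def extract_client_mac(packet):
    """Resolver side: MAC from the NSID option as aa:bb:..., or None if absent/malformed."""
    if len(packet) < 12:
        return None
    qd, an, ns, ar = struct.unpack("!HHHH", packet[4:12])
    if qd != 1 or an or ns:
        return None
    pos = 12
    while pos < len(packet) and packet[pos] != 0:   # skip uncompressed QNAME labels
        if packet[pos] & 0xC0: return None
        pos += 1 + packet[pos]
    pos += 5                                         # root label + QTYPE + QCLASS
    for _ in range(ar):
        if pos + 11 > len(packet) or packet[pos] != 0:  # only root-owner RRs handled here
            return None
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", packet[pos + 1:pos + 11])
        rdata = packet[pos + 11:pos + 11 + rdlen]
        pos += 11 + rdlen
        if rtype != OPT_RR_TYPE or len(rdata) != rdlen:
            continue
        i = 0
        while i + 4 <= len(rdata):                   # walk option code/length/value triples
            code, olen = struct.unpack("!HH", rdata[i:i + 4])
            if code == NSID_OPTION_CODE and olen == 6 and i + 10 <= len(rdata):
                return ":".join(f"{b:02x}" for b in rdata[i + 4:i + 10])
            i += 4 + olen
    return None

def should_filter(customer_ip, packet):
    """Filter only when the (customer IP, MAC) pair is in the policy table."""
    return (customer_ip, extract_client_mac(packet)) in FILTERED
```

The option value is whatever the sender put in the packet, so a resolver using this would honor it only from CPE addresses it manages. In this sketch a query with no MAC option is not filtered.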


