[dns-operations] Embedding MAC address in DNS requests for selective filtering

bert bert.hubert at powerdns.com
Wed Jan 27 11:48:24 UTC 2016


Ok,

Thanks to feedback from various places on list and off (thanks!), it appears
that this 'mac stuffing' is indeed quite widespread, possibly more so in the
US than elsewhere.

I have learned that 65001 is used as an EDNS codepoint, but that 5 has also
been observed. In addition, some vendors put other things than MAC addresses in
there to identify even specific users of a single computer. It is also
possible to hash or obfuscate the MAC address so it can't be used to track
you over different wifi access points at different subscribers.

Finally, lots of people have voiced that passing the device ID over DNS is
also a boon to ISPs monetizing their users' traffic data. This may also
explain the uptake. 

Although there appears to be no standard, the practical standard is 'pick an
EDNS option code and stuff something in there'. 

I've blogged this up on
http://blog.powerdns.com/2016/01/27/per-device-dns-settings-selective-parental-control/
including a dnsdist configuration that inserts actual MAC addresses, and a
PowerDNS configuration that does selective filtering based on it.

Perhaps this will at least further interoperability slightly. It would be
sad if CPE-Resolver communications were to devolve from DNS to "looks like
DNS"!

	Bert
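
An added example, not part of the original message or of the PowerDNS blog post: a Python parser that walks the OPT record of a DNS message and reports any option using the two codepoints mentioned above (65001 and 5), so a resolver operator or auditor can check whether device identifiers are being carried in queries. The sample query and the MAC address in it are constructed.

```python
import struct

WATCHED = {65001, 5}   # the two option codes the post reports seeing
OPT = 41               # OPT pseudo-RR type (RFC 6891)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_options(msg):
    """Return [(code, payload)] for every EDNS option in a DNS message."""
    _, _, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # QTYPE + QCLASS
    found = []
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        end = off + rdlen
        if end > len(msg):
            raise ValueError("truncated record")
        while rtype == OPT and off + 4 <= end:
            code, olen = struct.unpack_from("!HH", msg, off)
            if off + 4 + olen > end:
                raise ValueError("option overruns OPT RDATA")
            found.append((code, msg[off + 4:off + 4 + olen]))
            off += 4 + olen
        off = end
    return found

def device_ids(msg):
    """Watched options only; a 6-byte payload is rendered as a MAC address."""
    return [(c, d.hex(":") if len(d) == 6 else d.hex())
            for c, d in edns_options(msg) if c in WATCHED]

# Constructed query: example.com A, OPT RR carrying option 65001 with a made-up MAC.
SAMPLE = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
          + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
          + b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 10)
          + struct.pack("!HH", 65001, 6) + bytes.fromhex("001122334455"))
```

Since there is no standard for the payload, a 6-byte value is only MAC-shaped; hashed or per-user identifiers come back as plain hex.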


