[dns-operations] Embedding MAC address in DNS requests for selective filtering
dns at fl1ger.de
Wed Jan 27 17:01:37 UTC 2016
On 25 Jan 2016, at 16:36, bert hubert wrote:
> We have heard of implementations where 'per-device DNS filtering' is
> offered, even behind NAT. So this means you might get parental filtering on
> your kids' iPads, but not on your own desktop.
> This is then probably implemented by the home router (CPE) appending the MAC
> address to queries, presumably over EDNS. The ISP nameserver can then
> conditionally filter queries or not, based on customer IP and client
> In the interest of interoperability, could those parties that are
> implementing this functionality please speak up how they are doing it?
> know you are on this list.
A number of vendors (both CPE and DNS vendors), including Nominum, have
considered using mechanisms of this sort to provide applications based on
DNS traffic. We don’t recommend overloading existing opcodes such as the
one used for NSID (https://tools.ietf.org/html/rfc5001). We use EDNS0
code 0xFE31 (65073 decimal), and its value is implementation specific
although in our current work, we have used the IEEE 802 48-bit MAC address of
the originating DNS client in 17-octet downcased colon-separated hex
form, e.g.: 12:34:56:78:90:ab.
We are in the process of supporting the use of this option through open
efforts with dnsmasq at the CPE level and others. We would be supportive of
standardizing this mechanism.
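
Added example, not part of the original message and not Nominum's or dnsmasq's code: a receiving resolver could pull the option described above out of the OPT record's RDATA like this. The option framing (16-bit code, 16-bit length, data) is the standard EDNS0 layout from RFC 6891; the function names, the sample bytes and the choice to reject duplicated or malformed values are assumptions made for illustration.

```python
from __future__ import annotations

import re
import struct

OPT_CLIENT_MAC = 0xFE31  # option code quoted in the message (65073 decimal)
# 17-octet lowercase colon-separated hex form, e.g. 12:34:56:78:90:ab
MAC_TEXT = re.compile(rb"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def encode_option(code: int, data: bytes) -> bytes:
    """Serialize one EDNS0 option: 16-bit code, 16-bit length, then data."""
    return struct.pack("!HH", code, len(data)) + data


def parse_options(rdata: bytes) -> list[tuple[int, bytes]]:
    """Split OPT RDATA into (code, data) pairs, rejecting truncated input."""
    options, offset = [], 0
    while offset < len(rdata):
        if len(rdata) - offset < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, offset)
        offset += 4
        if length > len(rdata) - offset:
            raise ValueError("option length exceeds RDATA")
        options.append((code, rdata[offset:offset + length]))
        offset += length
    return options


def client_mac(rdata: bytes) -> str | None:
    """Return the MAC carried in option 0xFE31, or None if unusable."""
    values = [d for code, d in parse_options(rdata) if code == OPT_CLIENT_MAC]
    # Assumption: a missing, duplicated or malformed value means "no MAC",
    # so a filtering policy keyed on it falls back to the per-customer default.
    if len(values) != 1 or not MAC_TEXT.fullmatch(values[0]):
        return None
    return values[0].decode("ascii")


# Constructed sample: an empty NSID option (code 3) followed by the MAC option.
SAMPLE_RDATA = encode_option(3, b"") + encode_option(
    OPT_CLIENT_MAC, b"12:34:56:78:90:ab")

if __name__ == "__main__":
    print(parse_options(SAMPLE_RDATA))
    print(client_mac(SAMPLE_RDATA))
```

Because the value is set by the CPE and travels in an unauthenticated query, a resolver acting on it should only honor the option from customer addresses where it is expected.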