[dns-operations] Embedding MAC address in DNS requests for selective filtering
Ralf Weber
dns at fl1ger.de
Wed Jan 27 17:01:37 UTC 2016
Moin!
On 25 Jan 2016, at 16:36, bert hubert wrote:
> We have heard of implementations where 'per-device DNS filtering' is being
> offered, even behind NAT. So this means you might get parental filtering on
> your kids' iPads, but not on your own desktop.
>
> This is then probably implemented by the home router (CPE) appending the MAC
> address to queries, presumably over EDNS. The ISP nameserver can then
> conditionally filter queries or not, based on customer IP and client MAC
> address.
>
> In the interest of interoperability, could those parties that are
> implementing this functionality please speak up how they are doing it? I
> know you are on this list.
A number of vendors (both CPE and DNS vendors), including Nominum, have
considered using mechanisms of this sort to provide applications based upon
DNS traffic. We don’t recommend overloading existing opcodes such as the
one used for NSID (https://tools.ietf.org/html/rfc5001). We use EDNS0 option
code 0xFE31 (65073 decimal), and its value is implementation specific
although in our current work, we have used the IEEE 802 48-bit MAC address of
the originating DNS client in 17-octet downcased colon-separated hex textual
form, e.g.: 12:34:56:78:90:ab.

We are in the process of supporting the use of this option through open source
efforts with dnsmasq at the CPE level and others. We would be supportive of
standardizing this mechanism.
So long
-Ralf
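
An added example, not part of the original message and not Nominum's or dnsmasq's code: a resolver-side parser that walks the EDNS0 options in OPT RDATA and extracts the option described above (code 0xFE31, 17-octet lowercase colon-separated MAC text). The function names, the constructed sample bytes, and the choice to treat a duplicate or malformed option as "no usable MAC" are assumptions of this example.

```python
import re
import struct

MAC_OPTION_CODE = 0xFE31  # 65073, the option code named in the message
# 17 octets of lowercase colon-separated hex, as described in the message
MAC_TEXT = re.compile(rb"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")

def iter_edns_options(rdata: bytes):
    """Yield (code, value) pairs from OPT RDATA (RFC 6891, section 6.1.2)."""
    offset = 0
    while offset < len(rdata):
        if len(rdata) - offset < 4:
            raise ValueError("truncated EDNS option header")
        code, length = struct.unpack_from("!HH", rdata, offset)
        offset += 4
        if length > len(rdata) - offset:
            raise ValueError("EDNS option length exceeds RDATA")
        yield code, rdata[offset:offset + length]
        offset += length

def client_mac(rdata: bytes):
    """Return the client MAC as text, or None if absent, duplicated or malformed."""
    found = None
    for code, value in iter_edns_options(rdata):
        if code != MAC_OPTION_CODE:
            continue  # unrelated options (NSID, etc.) are skipped
        if found is not None or not MAC_TEXT.fullmatch(value):
            return None  # assumption: ambiguous input yields no per-device identity
        found = value.decode("ascii")
    return found

def encode_option(code: int, value: bytes) -> bytes:
    """Encode one EDNS0 option: 16-bit code, 16-bit length, then the value."""
    return struct.pack("!HH", code, len(value)) + value

# Constructed sample: an empty NSID option (code 3) followed by the MAC option.
SAMPLE_RDATA = encode_option(3, b"") + encode_option(
    MAC_OPTION_CODE, b"12:34:56:78:90:ab"
)

if __name__ == "__main__":
    print(client_mac(SAMPLE_RDATA))
```
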