Re: [dnsext] afasterinternet.com trial and draft-vandergaast-edns-client-subnet-00

Ted Hardie <ted.ietf@gmail.com> Tue, 06 September 2011 17:38 UTC

On Tue, Sep 6, 2011 at 10:28 AM, Nicholas Weaver
<nweaver@icsi.berkeley.edu> wrote:
>
> On Sep 6, 2011, at 10:25 AM, Ted Hardie wrote:
(adding Marty's comment back in)
On Tue, Sep 6, 2011 at 12:28 AM, Martin Barry <marty@supine.com> wrote:
> $quoted_author = "SM" ;
>>
>> From Section 9.1 of draft-vandergaast-edns-client-subnet-00:
>>
>>   "Users who wish their full IP address to be hidden can include an
>>    edns-client-subnet option specifying the wildcard address 0.0.0.0/0"
>
>> Users who do not wish to provide a client identifier will have to
>> update their software to support this specification.
>
> Or they could just not use OpenDNS, Google DNS or any other 3rd party
> recursive DNS provider who enables edns-client-subnet.
>

>> Hi Marty,
>>
>> The current draft says:
>>
>>   In any case, the response from the resolver to the client MUST NOT
>>   contain the edns-client-subnet option if none was present in the
>>   client's original request.  If the original client request contained
>>   a valid edns-client-subnet option that was used during recursion, the
>>   Recursive Resolver MUST include the edns-client-subnet option from
>>   the Authoritative Nameserver response in the response to the client.
>>
>> Given that, how is the client to know whether the service they are using enables
>> edns-client-subnet?
>
> a)  Does it matter?
>
> b)  Do a query with EDNS0 client subnet and see what happens.
>

The upshot of this is that SM is right: clients who do not wish to
provide a client identifier will have to update their software to
achieve this goal, since they cannot identify whether a service is
using it without that update.

regards,

Ted Hardie

>
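
The probe suggested in the thread ("do a query with EDNS0 client subnet and see what happens"), combined with the draft's 0.0.0.0/0 opt-out, sketched as an added example that is not part of the original message or of the draft. It assumes option code 8 (the value IANA later assigned in RFC 7871) and the FAMILY / source length / scope length / ADDRESS option layout; the function names are hypothetical.

```python
import socket
import struct

ECS_OPTION_CODE = 8  # assumption: value IANA later assigned (RFC 7871), not taken from the -00 draft
OPT_RR_TYPE = 41     # EDNS0 OPT pseudo-RR

def build_query(name, family=1, source_prefix=0, address=b"", qid=0x1234):
    """A/IN query carrying a client-subnet option; the defaults encode 0.0.0.0/0."""
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.strip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD set, one question, one additional
    ecs = struct.pack("!HBB", family, source_prefix, 0) + address  # scope is 0 in queries
    option = struct.pack("!HH", ECS_OPTION_CODE, len(ecs)) + ecs
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(option)) + option
    return header + qname + struct.pack("!HH", 1, 1) + opt_rr

def skip_name(msg, off):
    """Advance past a possibly compressed domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def find_ecs(msg):
    """Return (family, source_prefix, scope_prefix, address) from a DNS message, or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == OPT_RR_TYPE and pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            if code == ECS_OPTION_CODE and 4 <= olen <= len(rdata) - pos - 4:
                return struct.unpack("!HBB", rdata[pos + 4:pos + 8]) + (rdata[pos + 8:pos + 4 + olen],)
            pos += 4 + olen
    return None

def probe(resolver_ip, name="example.com", timeout=3.0):
    """Send the /0 query to a resolver; True if its reply carries the option back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return find_ecs(s.recvfrom(4096)[0]) is not None
```

`probe()` needs network access; `build_query()` and `find_ecs()` work offline on any DNS message bytes, such as a captured reply.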