[AusNOG] Google DNS
Mark Delany
g2x at juliet.emu.st
Wed Oct 15 02:59:28 EST 2014
On 13Oct14, Andree Toonk // BGPmon.net allegedly wrote:
> The issues with Open Resolvers and Geo location & CDNs have been solved
> a while ago

Lemme see...

a) Public caches insist on white-listing auths prior to sending
   edns-client-subnet. Obviously white-listing is not an
   internet-scale solution. I presume they intend to turn off
   white-listing some time in the distant future once they determine
   that sending this option is universally safe.

b) The last version of the specification expired over 9 months ago and
   seems not to have gained traction within any IETF standardization
   group.

c) Many OS and commercial auth and cache implementations do not offer
   this option as a standard part of their implementation even though
   the spec has been around for a number of years - thus participation
   is pretty constrained.

d) Technically there is some question about whether the necessary
   narrowing of the privacy mask will dilute the privacy effect as the
   v4 address space gets divided into ever smaller allocations. A
   glitch I only recently stumbled across myself.

You could argue that the population of Open Resolvers and CDNs is
small and they all know each other, but GEO location is consumed by
many others besides the large CDN providers and an increasing number
of ISPs and corps place their caches in a hierarchy behind public
caches.
That's not to say edns-client-subnet is a bad idea, but it's drawing a
rather long bow to say it was "solved" a while ago.
Mark.