A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


EDNS Client Subnet (ECS) - DNS CDN Magic or Secur - Jim Nitterauer NolaCon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

EDNS Client Subnet (ECS) - DNS CDN Magic or Secur
Jim Nitterauer

In January, 2011, the first version of Client subnet in DNS requests (draft-vandergaast-edns-client-subnet-00) was published as a collaborative effort by researchers from Google, Verisign and Neustar. This document defines a specific option 8 - which "conveys network information that is relevant to the message but not otherwise included in the datagram," allowing for both recursive and authoritative DNS servers to gain information regarding the network origin of the DNS request. This draft has been adopted as RFC 7871 and is currently undergoing review. The theory behind EDNS0 Option 8, more commonly known as EDNS0 Client Subnet, is that by gaining insight into request origin, DNS servers are able to direct endpoint clients to the closest geographic location via DNS response. This discussion will provide an overview of the current state and implementation of EDNS0 Client Subnet and its use in practice. We will also discuss the privacy and security implications faced when implementing EDNS Client Subnet. We will follow this up with an explanation for tools and techniques we used to measure proliferation of EDNS0 Client Subnet as well as share some of the data we collected and propose the implementation of standards for deployment.

Jim Nitterauer, CISSP is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments and manages the SecureSurf global DNS and SecureTide global SPAM and Virus filtering infrastructure as well as all internal applications and helps manage security operations for the entire company. He presents regularly at local regional and national conferences. He writes regularly for the AppRiver blog, Tripwire and Peerlyst. He is also well-versed in ethical hacking and penetration testing techniques, has joined the staff of BSides Las Vegas and has been involved in technology for more than 20 years.

Recorded at NolaCon 2017

Back to NolaCon 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast