July 23rd, 2024

Privacy and DNS Client Subnet

The Internet's architecture has evolved around CDNs, and services such as Cloudflare's 1.1.1.1 use anycast efficiently. DNS Steering and EDNS Client Subnet aim to optimize performance globally but raise privacy concerns.

The architecture of service and content delivery on the Internet has evolved significantly, with Content Delivery Networks (CDNs) bringing content closer to users to reduce costs and improve performance. Anycast routing is one method used for content steering: common IP addresses are used to direct users to the closest service instance. Anycast has been successful in the Root Zone DNS service. However, recent studies show that mobile clients may not always be directed to the closest server, which impacts performance. Cloudflare's 1.1.1.1 DNS resolver uses anycast efficiently. Another approach, Application Server Steering, redirects users to closer service locations based on their assumed location. DNS Steering uses the DNS to select optimal server instances based on user location. The use of EDNS Client Subnet in DNS queries raises privacy concerns because it reveals user information to authoritative servers without explicit consent. Client Subnet use is around 12% globally, with variations across countries. Most users attach a /24 subnet in IPv4 queries. The DNS landscape continues to evolve, balancing performance optimization with user privacy considerations.

Related

Why content providers need IPv6

Content providers are urged to adopt IPv6 for better services, bypassing ISP translation devices. IPv6 improves user experience, reduces latency, and boosts reliability. Major companies like Google and Netflix are already benefiting from IPv6, pushing ISPs to support its adoption.

Issues with 1.1.1.1 public resolver in multiple locations

Cloudflare faces problems with the 1.1.1.1 public resolver in various locations. A fix is in progress and the investigation is ongoing. Users can subscribe for updates. Cloudflare is working on resolving the issue.

Cloudflare 1.1.1.1 incident on June 27, 2024

Cloudflare faced a DNS resolver issue on 1.1.1.1 due to BGP hijacking and route leak, impacting global users. Cloudflare used RPKI for prevention but challenges remain. Mitigation steps were taken during the incident.

Cloudflare 1.1.1.1 incident on June 27, 2024

Cloudflare faced a global incident on June 27, 2024, with its 1.1.1.1 DNS resolver due to BGP hijacking and a route leak. Despite affecting some users, Cloudflare responded by disabling peering locations and engaging with network operators to resolve the issue.

Journeying into XDP: Fully-fledged DNS service augmentation (2022)

Utilizing eXpress Data Path (XDP) enhances DNS services by rate-limiting queries to combat DoS attacks efficiently. DNS Cookies whitelist returning requesters, aiding in mitigating spoofed queries and enhancing security. The XDP implementation includes verifying cookies and overcoming technical challenges.
