Hello.
Windows front end for DNSCrypt Proxy. Contribute to opendns/dnscrypt-win-client development by creating an account on GitHub. DNS over HTTPS / DNS over Tor / DNSCrypt client, firewall, and connection tracker for Android. celzero/rethink-app.
Dnscrypt Client
As we know, there is edns_client_subnet option available (since ver. 2.0.45 - if I remember correctly), that adds 'EDNS-client-subnet information to outgoing queries'. Default values are: ['0.0.0.0/0', '2001:db8::/32']. I would like to ask about situation where only IPv4 protocol is in use.
Dnscrypt-proxy Max_clients
I've read RFC/IETF about 'EDNS Client Subnet' and now I feel stupid and lost. Generally, I think, that using '0.0.0.0/0' may not be a very good idea to prevent privacy 'leakage' (user IP address etc.) or maybe I'm wrong and that's a clever solution?
So, what do you think about edns_client_subnet option? What IP address with subnet/prefix, should be used to achieve a better privacy? Is something like 198.51.100.0/24 a better choice, instead of the default address? However, '/24 prefix is only 256 IPs. This is very narrow and can be concerning for privacy'.
Or maybe Users should use their own IP address, provided by ISP, but in such format - with smaller prefix (so there should be more IPs than 256): 11.22.0.0/22 (that's only an example!).
Thanks, best regards.
____________________________________
For more information, please check:
1/ RFC7871 - Client Subnet in DNS Queries (Security considerations)
2/ Cloudflare - possible solutions for the edns problem in 1.1.1.1
Last edited by ferrum (2021-07-26 10:42:16)