Mitigating Client Subnet Leakage in DNS Queries
Lanlan Pan, Xin Zhang, Anlei Hu, Xuebiao Yuchi, Jian Wang
2018 16th Annual Conference on Privacy, Security and Trust (PST). Published 2018-08-01.
DOI: 10.1109/PST.2018.8514164 (https://doi.org/10.1109/PST.2018.8514164)

Many authoritative servers today return different responses based on the perceived geographical location of the resolvers' IP addresses, to bring the content as close to the users as possible. RFC 7871 proposes an EDNS Client Subnet (ECS) extension that carries part of the client's IP address in the DNS packets sent to the authoritative server. Compared with the resolver's IP address in the DNS packets, ECS can help the authoritative server guess the user's geographical location more precisely. However, ECS raises privacy concerns, since it leaks the client's subnet information along the resolution path to the authoritative server. To find the right balance between privacy improvement and end-user experience optimization, in this paper we introduce an EDNS ISP Location (EIL) extension to address the client subnet leakage problem of ECS. Note that EIL can reduce the dependence on a high-quality IP geolocation database, which is crucial to ensuring the accuracy of DNS responses in ECS.