EDNS Client Subnet (ECS) - DNS CDN Magic or Security Black Hole?
In January 2011, the first version of Client Subnet in DNS Requests (draft-vandergaast-edns-client-subnet-00) was published as a collaborative effort by researchers from Google, Verisign and Neustar. The draft defines EDNS0 option 8, which “conveys network information that is relevant to the message but not otherwise included in the datagram,” allowing both recursive and authoritative DNS servers to learn the network origin of a DNS request. This draft has been adopted as RFC 7871 and is currently undergoing review.
The theory behind EDNS0 option 8, more commonly known as EDNS0 Client Subnet, is that with insight into where a request originates, DNS servers can use the DNS response to direct endpoint clients to the geographically closest location.
This discussion will provide an overview of the current state and implementation of EDNS0 Client Subnet and its use in practice. We will also discuss the privacy and security implications of implementing EDNS Client Subnet. We will follow this with an explanation of the tools and techniques we used to measure the proliferation of EDNS0 Client Subnet, share some of the data we collected, and propose standards for its deployment.
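To make the option mechanism described above concrete, here is an added example (not part of the original abstract or the RFC) that builds and parses the EDNS0 option 8 wire format from RFC 7871: family, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH and a truncated ADDRESS. The encoder zeroes the host bits beyond the announced prefix, which is where the privacy trade-off lives, and the decoder applies the malformed-option checks that the RFC says a server should answer with FORMERR. The sample client addresses are constructed documentation-range values.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code assigned to Client Subnet (RFC 7871)


def encode_ecs(client_ip: str, source_prefix: int, scope_prefix: int = 0) -> bytes:
    """Build a complete ECS option (OPTION-CODE, OPTION-LENGTH, body) as a
    recursive resolver would when forwarding a query. Only the first
    `source_prefix` bits of client_ip are sent; host bits are zeroed, which is
    the truncation (typically /24 for IPv4, /56 for IPv6) that limits exposure."""
    ip = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix <= ip.max_prefixlen:
        raise ValueError("SOURCE PREFIX-LENGTH out of range for this family")
    family = 1 if ip.version == 4 else 2
    net = ipaddress.ip_network((ip, source_prefix), strict=False)
    addr = net.network_address.packed[: (source_prefix + 7) // 8]  # whole octets only
    body = struct.pack("!HBB", family, source_prefix, scope_prefix) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option: bytes) -> dict:
    """Parse an ECS option and apply the RFC 7871 sanity checks: the ADDRESS
    octet count must match SOURCE PREFIX-LENGTH and no bits beyond that
    prefix may be set. Any violation raises ValueError (a server would FORMERR)."""
    if len(option) < 8:
        raise ValueError("option too short to be ECS")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or len(option) != 4 + length:
        raise ValueError("not a well-formed ECS option")
    family, source_prefix, scope_prefix = struct.unpack("!HBB", option[4:8])
    addr = option[8:]
    full_len = {1: 4, 2: 16}.get(family)
    if full_len is None or source_prefix > full_len * 8:
        raise ValueError("unknown family or prefix too long for family")
    if len(addr) != (source_prefix + 7) // 8:
        raise ValueError("ADDRESS octet count does not match SOURCE PREFIX-LENGTH")
    padded = addr + b"\x00" * (full_len - len(addr))
    net = ipaddress.ip_network((padded, source_prefix), strict=False)
    if net.network_address.packed != padded:
        raise ValueError("non-zero bits beyond SOURCE PREFIX-LENGTH")
    return {"family": family, "source_prefix": source_prefix,
            "scope_prefix": scope_prefix, "subnet": str(net)}


if __name__ == "__main__":
    # Constructed sample: a resolver forwards only the /24 of client 203.0.113.77.
    opt = encode_ecs("203.0.113.77", 24)
    print(opt.hex(), decode_ecs(opt))
```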