Improving Privacy for GeoIP DNS Traffic

  • Lanlan Pan
  • Xuebiao Yuchi
  • Xin Zhang
  • Anlei Hu
  • Jian Wang
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 272)

Abstract

Many authoritative nameservers today support a GeoIP feature. The EDNS Client Subnet (ECS) extension helps a GeoIP authoritative nameserver address the public recursive resolver's proximity IP problem. However, ECS raises privacy concerns, since the recursive resolver leaks client subnet information on the resolution path to the authoritative nameserver. In this paper we introduce an EDNS ISP Location (EIL) extension to improve privacy for GeoIP DNS traffic while preserving the ECS optimization of the end-user experience, reducing response latency, and increasing the cache-hit rate. We analyze 910.9K Chinese IPv4 CIDR/24 subnets and find that 479.9K TEL subnets, 234.0K UNI subnets, and 66.3K MOB subnets can enable EIL to optimize DNS traffic.

Keywords

DNS, Privacy, GeoIP, Client subnet, ECS, EIL

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Lanlan Pan (1)
  • Xuebiao Yuchi (2)
  • Xin Zhang (3)
  • Anlei Hu (3)
  • Jian Wang (1)

  1. Geely Automobile Research Institute, Zhejiang, China
  2. Chinese Academy of Sciences, Beijing, China
  3. China Internet Network Information Center, Beijing, China
