Collection: Applications

Sending a client to the wrong server could means tens of milliseconds of unnecessary latency, directly affecting user experience. (This app is slow. Why is it so slow? I hate my job. I’m stealing every paper clip in this place and not feeling guilty about it.) No one wants that. Instead, let’s introduce EDNS Client Subnet (ECS), outlined in RFC 7871, Client Subnet In DNS Queries.

QNAME minimization’s value proposition is simple. The resolver (the DNS server asking an upstream DNS server to help perform name resolution) won’t ask for the entire FQDN–just the parts that the upstream server in the recursion chain is authoritative for. In this way, privacy is preserved–non-authoritative DNS servers won’t know the exact hostname you’re looking for.

DNS over HTTPS (DoH) is an IETF standard that aims to improve the integrity of name resolution queries and increase security by preventing man-in-the-middle attacks. DoH should also improve user privacy. Enterprises and vendors who rely on DNS information to shape Web access, security, and content filtering must understand DoH and its potential impacts, and anticipate how this standard might affect operations.