BRE-ISNIC / bre-doh-analysis

To DoH or not to DoH?

Eating cookies #5

Open bortzmeyer opened 4 years ago

bortzmeyer commented 4 years ago

"although DNS cookies and EDNS Client Subnet signaling have undermined this" The situation with cookies is quite different, since they are hop-by-hop, not transmitted to the authoritative server (note that DNS over TCP, a very old thing, has the same properties as cookies, for user tracking). I would remove the mention of DNS cookies.

BRE-ISNIC commented 4 years ago

I feel DNS cookies are still relevant in this context, as they make it easier for a resolver operator to track users who are behind NAT. In particular, if you take a paranoid stance towards the big open public resolvers (Google, CloudFlare, Quad9), this is a technology they could theoretically make use of to better track their users.
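To make the tracking point above concrete, here is an added, stand-alone example (written for this page; it is not code from bre-doh-analysis or from any commenter in this thread). It hand-builds DNS queries carrying the EDNS COOKIE option (option code 10, RFC 7873: an 8-byte Client Cookie optionally followed by an 8-32 byte Server Cookie), parses that option back out the way a resolver would, and then groups the queries the resolver sees. The source address, cookie values and query names are constructed sample data; the wire format is the real one. Behind a NAT every client shares one source IP, so grouping by IP alone yields a single bucket, while grouping by (IP, Client Cookie) separates the clients, and a client that rotates its Client Cookie lands in a new bucket. Nothing in the option is forwarded upstream; the cookie is between stub and resolver only.

```python
import struct
from collections import defaultdict

OPT_TYPE = 41            # EDNS(0) OPT pseudo-RR type (RFC 6891)
COOKIE_OPTION_CODE = 10  # EDNS option code for DNS COOKIE (RFC 7873)
NAT_IP = "203.0.113.7"   # constructed: one shared NAT egress address (TEST-NET-3)


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, client_cookie=None, server_cookie=b"", msg_id=0x1234):
    """Build a recursive A query; attach an OPT RR with a COOKIE option when a cookie is given."""
    if client_cookie is not None and len(client_cookie) != 8:
        raise ValueError("Client Cookie must be exactly 8 bytes (RFC 7873)")
    if server_cookie and not 8 <= len(server_cookie) <= 32:
        raise ValueError("Server Cookie must be 8 to 32 bytes (RFC 7873)")
    arcount = 0 if client_cookie is None else 1
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, arcount)  # RD=1, one question
    question = encode_name(qname) + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    if client_cookie is None:
        return header + question                                      # plain query, no EDNS
    option = client_cookie + server_cookie
    rdata = struct.pack("!HH", COOKIE_OPTION_CODE, len(option)) + option
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLENGTH
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 1232, 0, len(rdata)) + rdata
    return header + question + opt_rr


def skip_name(msg, off):
    """Return the offset just past a wire-format name (handles a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer terminates the name
            return off + 2
        off += 1 + length


def decode_qname(msg, off=12):
    """Decode the first question name (uncompressed labels, as build_query emits)."""
    labels = []
    while msg[off] != 0:
        length = msg[off]
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels)


def extract_cookie(msg):
    """Return (client_cookie, server_cookie) from the COOKIE option, or None if absent."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                     # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype != OPT_TYPE:
            continue
        pos = 0
        while pos + 4 <= len(rdata):                      # walk the EDNS option list
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            data = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
            if code == COOKIE_OPTION_CODE and len(data) >= 8:
                return data[:8], data[8:]
    return None


def resolver_view(observed):
    """Group queries as a resolver operator could: by source IP, and by (IP, Client Cookie)."""
    by_ip, by_cookie = defaultdict(list), defaultdict(list)
    for src_ip, msg in observed:
        qname = decode_qname(msg)
        by_ip[src_ip].append(qname)
        cookie = extract_cookie(msg)
        by_cookie[(src_ip, cookie[0].hex() if cookie else None)].append(qname)
    return dict(by_ip), dict(by_cookie)


def sample_traffic():
    """Constructed traffic: three stubs behind one NAT, as seen at the resolver."""
    alice = bytes.fromhex("0102030405060708")   # stable Client Cookie, stub A
    bob = bytes.fromhex("a1a2a3a4a5a6a7a8")     # stable Client Cookie, stub B
    alice_rotated = bytes.fromhex("ffeeddccbbaa9988")  # stub A after rotating its cookie
    return [
        (NAT_IP, build_query("www.example.com", alice)),
        (NAT_IP, build_query("www.example.net", bob)),
        (NAT_IP, build_query("mail.example.com", alice)),
        (NAT_IP, build_query("www.example.org")),           # stub C: cookies disabled
        (NAT_IP, build_query("cdn.example.com", alice_rotated)),
    ]


if __name__ == "__main__":
    by_ip, by_cookie = resolver_view(sample_traffic())
    print("by source IP:", by_ip)
    print("by (IP, Client Cookie):", by_cookie)
```

Grouping by source IP alone gives one bucket for the whole NAT; grouping by (IP, Client Cookie) splits it into one bucket per stub, with the cookie-less stub and the rotated cookie each standing apart.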

jedisct1 commented 4 years ago

Also see my note about DoH servers returning unique IPv6 addresses during the bootstrap process. This allows accurate fingerprinting without ECS or cookies.