m13253 / dns-over-https

High performance DNS over HTTPS client & server
https://developers.google.com/speed/public-dns/docs/dns-over-https
MIT License

add disable ecs option #155

Closed shirakun closed 7 months ago

shirakun commented 8 months ago

add disable ecs option

154

m13253 commented 8 months ago

Here are my questions about this change.

I don’t quite understand why we need this option, because:

  1. It doesn’t really disable GeoDNS as the upstream server can still use doh-server’s IP. (Omitting an ECS field doesn’t mean turning it off. Sending a +subnet=0 explicitly does.)
  2. ECS can be disabled at client side. If using dig, the +subnet=0 option turns off ECS. (man page) If using doh-client, the no_ecs = true option turns off ECS.
  3. ECS can be disabled at HTTP SLB side. Forwarding the client’s IP address is always optional. If you don’t want the client’s IP, why forward it in the first place?
  4. If you have a DNS cache, ECS can also be disabled at DNS cache. I believe most DNS cache either allows you to turn off ECS, or doesn’t support ECS so ECS tag is automatically ignored.

Furthermore, as DoH is very difficult to deploy on anycast, ECS is very important to ensure GeoDNS performance. I don’t want service operators to blindly turn off ECS without spending an hour thinking it twice. (Although there are DoH providers that deliberately disable ECS (e.g. Cloudflare), it’s because they have a massive PoP network, and their PoP may reside in the same city as their users, so the IP address of their PoP can be used as a substitute for the IP address of their users. It does hide what ISP you are using, but your geographical location is still disclosed.)

Also, some minor suggestions:

  1. the option should be called no_ecs to be consistent with doh-client.
  2. No ; at the end to be consistent with other options.
  3. ECS is only one part of EDNS, so the comment needs to be rewritten.

I haven’t yet decided to merge this change. Please persuade me.

shirakun commented 8 months ago

Hi, I understand your confusion. This is a scenario that very few people will ever use. I'm going to use a picture to describe the scenario.

image

In addition, in this case CountryA cannot connect directly to public DNS servers like Google DNS.

This DNS architecture is often used with proxies.

If the CountryA DNS server is excluded, then the CountryA Client will get a CountryB CDN IP. The CountryB CDN IP will be requested through the Proxy. This will cause the CountryA Gov to track the Client through the Client Account. Client will face 7 days to 1 year imprisonment.

m13253 commented 8 months ago

You might want to consider combining doh-server with another project of mine, https://github.com/m13253/geodns-injector. It was originally developed to allow correct resolution of NetEase Music domain names.

You can put whatever IP into geodns-injector, allowing you to get geographically relevant results while keeping IP private (unless the client IP matches the configured passthrough country).

Actually, doh-client and doh-server only submit an IP prefix up to /24 (up to /48 for IPv6; some implementations use /56). This is considered the smallest IP prefix allowed in public BGP infrastructure, allowing geographical relevance while preventing tracking of each single user.
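The two mechanisms discussed in this thread, truncating the client address to a /24 or /48 prefix before it is forwarded, and the explicit opt-out that `dig +subnet=0` sends, can be shown with the RFC 7871 option wire layout. The Go below is an added illustration written for this page, not code from dns-over-https; it assumes the opt-out marker keeps the FAMILY of the client's address and sends zero address octets.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
)

// ecsPrefix masks a client IP to the prefix the thread describes
// (/24 for IPv4, /48 for IPv6) and reports the prefix length and
// RFC 7871 FAMILY value (1 = IPv4, 2 = IPv6).
func ecsPrefix(ip net.IP) (prefix net.IP, prefixLen int, family int) {
	if v4 := ip.To4(); v4 != nil {
		return v4.Mask(net.CIDRMask(24, 32)), 24, 1
	}
	return ip.To16().Mask(net.CIDRMask(48, 128)), 48, 2
}

// buildECSOption encodes the EDNS0 Client Subnet option data:
// FAMILY (2 bytes), SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH, ADDRESS.
// ADDRESS carries only ceil(sourcePrefix/8) octets, so the host part of
// the client address never leaves the forwarder. sourcePrefix == 0 with
// no address octets is the explicit opt-out that dig +subnet=0 sends.
func buildECSOption(family, sourcePrefix int, addr net.IP) []byte {
	buf := make([]byte, 4)
	binary.BigEndian.PutUint16(buf[0:2], uint16(family))
	buf[2] = byte(sourcePrefix)
	buf[3] = 0 // SCOPE PREFIX-LENGTH is always 0 in a query
	n := (sourcePrefix + 7) / 8
	return append(buf, addr[:n]...)
}

// optionForClient is what a privacy-preserving forwarder would attach:
// either the truncated prefix or, when ECS is turned off, the opt-out.
func optionForClient(ip net.IP, disableECS bool) []byte {
	prefix, plen, family := ecsPrefix(ip)
	if disableECS {
		return buildECSOption(family, 0, nil) // assumption: keep FAMILY, no ADDRESS
	}
	return buildECSOption(family, plen, prefix)
}

func main() {
	// Constructed sample client addresses (documentation ranges).
	for _, s := range []string{"203.0.113.77", "2001:db8:abcd:1234::1"} {
		ip := net.ParseIP(s)
		fmt.Printf("%-22s ecs=% x  opt-out=% x\n", s, optionForClient(ip, false), optionForClient(ip, true))
	}
}
```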