Implementation Status

As described in the RFC, Padding DNS packets is useful only when the DNS traffic is encrypted (Otherwise, it just increases message sizes at not additional value). Therefore, implementation of the EDNS(0) Padding Option is limited to protocols which encrypt DNS messages during transport (such as DNS over TLS or DNS over DTLS).

Sinodun runs a project to create proof-of-concept level implementations of DNS over TLS. Their project plan contains EDNS0 Padding as a Key Implementation Feature. They also keep a table of implementations.

The Padding Option is implemented in the following DNS servers/clients/utilities:

DNS Servers (1)

The following DNS servers support EDNS padding:

(Unbound supports a variant of DNS over TLS (TCP, port 853), but does currently not process EDNS0 Option contents)

DNS Clients (4)

The following DNS client software support EDNS padding:

(Net::DNS (Perl Module) contains the EDNS(0) Padding Option in its list of Option Codes)

(goDNS does currently not support Padding, but has a respective (unresolved) feature request.)

Other (1)