The EDNS(0) Padding Option

"Padding" is EDNS(0) Option code 12, and is used to pad DNS messages (queries as well as responses) to a desired size.

Padding is used in situations where the DNS traffic is encrypted, but size-based correlation of encrypted DNS messages could still be used to reconstruct the original query and response information. Padding DNS messages makes it harder to apply size-based correlation with known unencrypted messages.

The EDNS(0) "Padding" Option was specified by the IETF "dprive" working group, and published in RFC 7830. Subsequently, Padding Policies were described in RFC 8467.
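The following sketch is an added example, not code from the RFCs or from this page. It builds a DNS query whose OPT record carries a Padding option sized so the whole message is a multiple of a block length, then reads the padding length back. The function names are hypothetical, and the default block of 128 octets is the query block length recommended in RFC 8467.

```python
import struct

PADDING_OPTION_CODE = 12   # EDNS(0) option code for Padding (RFC 7830)
OPT_RR_TYPE = 41           # EDNS(0) OPT pseudo-RR type
OPT_FIXED_LEN = 11         # root name(1) + type(2) + class(2) + ttl(4) + rdlen(2)

def encode_name(name):
    """Encode a host name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_padded_query(name, qtype=1, block=128, msg_id=0, udp_size=4096):
    """Return a query padded to the next multiple of `block` octets."""
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # Size before any padding octets: +4 covers OPTION-CODE and OPTION-LENGTH
    unpadded = len(header) + len(question) + OPT_FIXED_LEN + 4
    pad_len = (-unpadded) % block
    # RFC 7830: padding octets SHOULD be 0x00
    option = struct.pack("!HH", PADDING_OPTION_CODE, pad_len) + b"\x00" * pad_len
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, udp_size, 0, len(option))
    return header + question + opt_rr + option

def padding_length(msg):
    """Return the Padding option length, or None if the option is absent.

    Assumes the simple layout produced above: one question, no answer or
    authority records, and OPT as the only additional record.
    """
    if struct.unpack("!HHHH", msg[4:12]) != (1, 0, 0, 1):
        raise ValueError("unsupported message layout")
    pos = 12
    while msg[pos] != 0:               # walk the question name labels
        pos += 1 + msg[pos]
    pos += 1 + 4                       # root label, QTYPE, QCLASS
    rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + OPT_FIXED_LEN])
    if msg[pos] != 0 or rtype != OPT_RR_TYPE:
        raise ValueError("additional record is not OPT")
    pos += OPT_FIXED_LEN
    end = pos + rdlen
    while pos + 4 <= end:              # iterate over EDNS(0) options
        code, length = struct.unpack("!HH", msg[pos:pos + 4])
        if code == PADDING_OPTION_CODE:
            return length
        pos += 4 + length
    return None
```

Queries for a short and a long name both come out at 128 octets, so an observer of the encrypted stream sees the same size for each.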

News