Implementation Status

As described in the RFC, Padding DNS packets is useful only when the DNS traffic is encrypted (Otherwise, it just increases message sizes at not additional value). Therefore, implementation of the EDNS(0) Padding Option is limited to protocols which encrypt DNS messages during transport (such as DNS over TLS or DNS over DTLS).

Sinodun runs a project to create proof-of-concept level implementations of DNS over TLS. Their project plan contains EDNS0 Padding as a Key Implementation Feature. They also keep a table of implementations.

The Padding Option is implemented in the following DNS servers/clients/utilities:

DNS Servers (1)

The following DNS servers support EDNS padding:

• ISC BIND will support EDNS0 padding from version 9.12.0 (See release notes)
• Knot Resolver supports EDNS0 padding since version 1.2.0. It performs block-size padding with a default block length of 128 bytes.
• Unbound supports EDNS Padding for both upstream and downstream connections since v1.13.1 (See release notes)

DNS Clients (4)

The following DNS client software support EDNS padding:

• The Developer Preview of Android P supports DNS over TLS, and applies Block-Length Padding to 128 bytes
• Stubby is a special mode of getdns turning the API into a deamon which operates as a local DNS-over-TLS stub resolver "proxy". This allows seamless integration with the resolving logic of a client.
• kdig supports EDNS padding since version 2.3.0 via the "+padding=.." option.
• getdns API has full support for Padding (see Release Notes). The padding strategy used is that DNS queries are padded to the multiple of a configurable block size.
• digit (DNS measurement client) contains a command line switch ("-P") since version 1.4.3 to enable EDNS Padding (to the nearest 64 byte block size).
• A pull request for pydig adds EDNS padding to the Python utility.

(Net::DNS (Perl Module) contains the EDNS(0) Padding Option in its list of Option Codes)

(goDNS does currently not support Padding, but has a respective (unresolved) feature request.)

Other (1)

• Wireshark (Network Debugging Utility) recognizes and displays Padding since version 2.2.0
• nlnetlabs has added EDNS padding support to their XDP DNS Experiments.