You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
edns client subnet
About this tag
The edns client subnet tag covers discussions about the EDNS Client Subnet (ECS) option defined in RFC 7871, which allows DNS resolvers to include partial client IP information in queries. On WindowsForum, this tag appears in the context of security vulnerabilities, such as CVE-2026-4893 in dnsmasq, where crafted DNS packets with ECS data can bypass source checks and leak information. The tag highlights how Windows environments often rely on mixed infrastructure—including Linux appliances, routers, and containers—that may run vulnerable DNS software. Understanding edns client subnet is important for IT professionals managing DNS security across heterogeneous networks, as patching Windows alone may not address risks from other components in the DNS resolution chain.
CVE-2026-4893 is a medium-severity information disclosure vulnerability in dnsmasq, published on May 11, 2026, that allows a remote unauthenticated attacker to bypass source checks by sending a crafted DNS packet containing RFC 7871 EDNS Client Subnet information. The bug is not a...