Change the ECS prefix length from /48 to /56 for IPv6, per RFC 7871

doh-client/client.go

@@ -259,7 +259,7 @@ func (c *Client) tcpHandlerFunc(w dns.ResponseWriter, r *dns.Msg) {
 
 var (
 	ipv4Mask24 = net.IPMask{255, 255, 255, 0}
-	ipv6Mask48 = net.CIDRMask(48, 128)
+	ipv6Mask56 = net.CIDRMask(56, 128)
 )
 
 func (c *Client) findClientIP(w dns.ResponseWriter, r *dns.Msg) (ednsClientAddress net.IP, ednsClientNetmask uint8) {
@@ -286,8 +286,8 @@ func (c *Client) findClientIP(w dns.ResponseWriter, r *dns.Msg) (ednsClientAddre
 			ednsClientAddress = ipv4.Mask(ipv4Mask24)
 			ednsClientNetmask = 24
 		} else {
-			ednsClientAddress = ip.Mask(ipv6Mask48)
-			ednsClientNetmask = 48
+			ednsClientAddress = ip.Mask(ipv6Mask56)
+			ednsClientNetmask = 56
 		}
 	}
 	return

doh-client/doh-client.conf

@@ -72,7 +72,7 @@ no_cookies = true
 # Disable EDNS0-Client-Subnet (ECS)
 #
 # DNS-over-HTTPS supports EDNS0-Client-Subnet protocol, which submits part of
-# the client's IP address (/24 for IPv4, /48 for IPv6 by default) to the
+# the client's IP address (/24 for IPv4, /56 for IPv6 by default) to the
 # upstream server. This is useful for GeoDNS and CDNs to work, and is exactly
 # the same configuration as most public DNS servers.
 no_ecs = false

doh-client/ietf.go

@@ -96,7 +96,7 @@ func (c *Client) generateRequestIETF(w dns.ResponseWriter, r *dns.Msg, isTCP boo
 				ednsClientNetmask = 24
 			} else {
 				ednsClientFamily = 2
-				ednsClientNetmask = 48
+				ednsClientNetmask = 56
 			}
 			edns0Subnet = new(dns.EDNS0_SUBNET)
 			edns0Subnet.Code = dns.EDNS0SUBNET