<div dir="ltr">Hi Remi,<div><br></div><div>Sure let me put something together with some generic data and send you the trace. By the way, could you send me the rule you used? I tried a few known EDNS Options and those did not work for me either. There isn't anything that I need to enable for this to work? </div><div><br></div><div>Depending on timing I may not get to this before Friday my time.</div><div><br></div><div>Thanks,</div><div>brian</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 31, 2019 at 3:36 PM Remi Gacogne <<a href="mailto:remi.gacogne@powerdns.com">remi.gacogne@powerdns.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Brian,<br>
<br>
On 7/31/19 6:57 PM, Brian Sullivan wrote:<br>
> I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are<br>
> using a local/experimental optcode. For example, I have the following in<br>
> the dnsdist.conf file.<br>
> <br>
> addAction(EDNSOptionRule(65002), DropAction())<br>
> <br>
> and I see the rule in the webserver.<br>
> <br>
> [image: Screen Shot 2019-07-31 at 12.47.10 PM.png]<br>
> <br>
> and I sent a query with the ENDS Option and it doesn't get dropped. I know<br>
> this because I have a Lua script associated with the pdns recursor that is<br>
> processing that specific option.<br>
> <br>
> lua snippit<br>
> -- Special Code is in EDNS Option 65002<br>
> local specialcode = dq:getEDNSOption(65002)<br>
> if (specialcode) then<br>
> pdnslog("*************************** Special Code = "..specialcode)<br>
> end<br>
> <br>
> Log file Output<br>
> *************************** Special Code = BLAH<br>
> <br>
> Any idea on what is going on?<br>
<br>
Would you be able to share a capture of the query, or at least some way<br>
we can reproduce the issue? I did a quick test -albeit with a different<br>
option- and it worked correctly so I'm assuming I'm not exercising the<br>
same code path that you are.<br>
<br>
Best regards,<br>
-- <br>
Remi Gacogne<br>
PowerDNS.COM BV - <a href="https://www.powerdns.com/" rel="noreferrer" target="_blank">https://www.powerdns.com/</a><br>
<br>
_______________________________________________<br>
dnsdist mailing list<br>
<a href="mailto:dnsdist@mailman.powerdns.com" target="_blank">dnsdist@mailman.powerdns.com</a><br>
<a href="https://mailman.powerdns.com/mailman/listinfo/dnsdist" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/dnsdist</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><p><span></span><span><img src="https://docs.google.com/uc?export=download&id=0BzPp9aRH66f2d2JzS2ZRUHl6dEE&revid=0BzPp9aRH66f2SHFsTEhtT3JZUGs3aWwxY0MzSEF0VEJNVFJrPQ" width="200" height="50"> </span></p><p><span><span><font color="#666666">Brian M. Sullivan<br>Senior Staff Security Intelligence Engineer</font><br><font color="#0000ff"><a href="mailto:bsullivan@lookout.com" target="_blank">bsullivan@lookout.com</a></font> | <font color="#0000ff"><a href="http://www.lookout.com" target="_blank">www.lookout.com</a></font><font color="#666666"><br></font></span></span></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>