[dnsdist] EDNSOptionRule not triggering?

Brian Sullivan brian.sullivan at lookout.com
Wed Jul 31 19:47:54 UTC 2019 

Hi Remi,

Sure let me put something together with some generic data and send you the
trace. By the way, could you send me the rule you used? I tried a few known
EDNS Options and those did not work for me either. There isn't anything
that I need to enable for this to work?

Depending on timing I may not get to this before Friday my time.

Thanks,
brian


On Wed, Jul 31, 2019 at 3:36 PM Remi Gacogne <remi.gacogne at powerdns.com>
wrote:

> Hi Brian,
>
> On 7/31/19 6:57 PM, Brian Sullivan wrote:
> > I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are
> > using a local/experimental optcode. For example, I have the following in
> > the dnsdist.conf file.
> >
> > addAction(EDNSOptionRule(65002), DropAction())
> >
> > and I see the rule in the webserver.
> >
> > [image: Screen Shot 2019-07-31 at 12.47.10 PM.png]
> >
> > and I sent a query with the ENDS Option and it doesn't get dropped. I
> know
> > this because I have a Lua script associated with the pdns recursor that
> is
> > processing that specific option.
> >
> > lua snippit
> >       -- Special Code is in EDNS Option 65002
> >       local specialcode = dq:getEDNSOption(65002)
> >       if (specialcode) then
> >         pdnslog("*************************** Special Code =
> "..specialcode)
> >       end
> >
> > Log file Output
> > *************************** Special Code = BLAH
> >
> > Any idea on what is going on?
>
> Would you be able to share a capture of the query, or at least some way
> we can reproduce the issue? I did a quick test -albeit with a different
> option- and it worked correctly so I'm assuming I'm not exercising the
> same code path that you are.
>
> Best regards,
> --
> Remi Gacogne
> PowerDNS.COM BV - https://www.powerdns.com/
>
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>


-- 



Brian M. Sullivan
Senior Staff Security Intelligence Engineer
bsullivan at lookout.com |  www.lookout.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190731/7f6fd924/attachment-0001.html>

More information about the dnsdist mailing list