[dnsdist] EDNSOptionRule not triggering?

Remi Gacogne remi.gacogne at powerdns.com
Wed Jul 31 20:03:49 UTC 2019


On 7/31/19 9:47 PM, Brian Sullivan wrote:
> Sure let me put something together with some generic data and send you the
> trace. By the way, could you send me the rule you used? I tried a few known
> EDNS Options and those did not work for me either. There isn't anything
> that I need to enable for this to work?

I tested with:

addAction(EDNSOptionRule(10), DropAction())

and confirmed with dig that a query with a cookie is blocked, while a
query without any cookie is allowed. I also tested a query with no
cookie but with an EDNS Client Subnet option and this one was allowed as
well.
Note that we also have a regression test that checks that a query with
an EDNS Client Subnet option is dropped instead:

https://github.com/PowerDNS/pdns/blob/master/regression-tests.dnsdist/test_Advanced.py#L1536

> Depending on timing I may not get to this before Friday my time.

Understood, thank you!

Remi

> On Wed, Jul 31, 2019 at 3:36 PM Remi Gacogne <remi.gacogne at powerdns.com>
> wrote:
> 
>> Hi Brian,
>>
>> On 7/31/19 6:57 PM, Brian Sullivan wrote:
>>> I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are
>>> using a local/experimental optcode. For example, I have the following in
>>> the dnsdist.conf file.
>>>
>>> addAction(EDNSOptionRule(65002), DropAction())
>>>
>>> and I see the rule in the webserver.
>>>
>>> and I sent a query with the EDNS Option and it doesn't get dropped. I know
>>> this because I have a Lua script associated with the pdns recursor that is
>>> processing that specific option.
>>>
>>> Lua snippet
>>>       -- Special Code is in EDNS Option 65002
>>>       local specialcode = dq:getEDNSOption(65002)
>>>       if (specialcode) then
>>>         pdnslog("*************************** Special Code = "..specialcode)
>>>       end
>>>
>>> Log file Output
>>> *************************** Special Code = BLAH
>>>
>>> Any idea on what is going on?
>>
>> Would you be able to share a capture of the query, or at least some way
>> we can reproduce the issue? I did a quick test -albeit with a different
>> option- and it worked correctly so I'm assuming I'm not exercising the
>> same code path that you are.
>>
>> Best regards,
>> --
>> Remi Gacogne
>> PowerDNS.COM BV - https://www.powerdns.com/
>>


-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
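
Added example, not part of the original thread and not dnsdist's own code: a minimal Python parser that walks the OPT record of a DNS message and lists the EDNS option codes present, which is the condition a rule such as EDNSOptionRule(10) or EDNSOptionRule(65002) matches on. The sample queries are constructed and all function names are hypothetical; it can be pointed at the raw bytes of a captured query to confirm which option codes are actually on the wire.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, name ends
            return off + 2
        off += 1 + length
        if length == 0:                # root label terminates the name
            return off

def edns_option_codes(msg):
    """Return the EDNS option codes found in OPT records (RR type 41)."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):                # each question: name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    codes = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        end = off + rdlen
        if rtype == 41:                # OPT RDATA: repeated (code, length, data)
            while off + 4 <= end:
                code, optlen = struct.unpack("!HH", msg[off:off + 4])
                if off + 4 + optlen > end:
                    raise ValueError("truncated EDNS option")
                codes.append(code)
                off += 4 + optlen
        off = end
    return codes

def has_edns_option(msg, optcode):
    """True if the message carries the given EDNS option code."""
    return optcode in edns_option_codes(msg)

def build_query(options):
    """Constructed sample: A query for example.com. with the given EDNS options."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
    return header + question + opt

# Constructed inputs: a cookie-only query, and ECS plus the thread's option 65002.
COOKIE = build_query([(10, bytes(8))])
CUSTOM = build_query([(8, b"\x00\x01\x18\x00\xc0\x00\x02"), (65002, b"BLAH")])
```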
