[dnsdist] Self generated responses don't contain ECS client-subnet information
Remi Gacogne
remi.gacogne at powerdns.com
Tue Jan 12 10:12:14 UTC 2021
Hi Alexander,
On 1/12/21 10:52 AM, Alexander Fateyev via dnsdist wrote:
> From google public DNS docs:
> "3. Authoritative name servers that implement ECS must respond to all
> ECS queries with ECS responses, including negative and referral responses."
>
> But dnsdist self-generated responses don't have any CLIENT-SUBNET data,
> even if the query was with it, e.g. dig @server jhgjhgjhgjh.com
> +subnet=1.2.3.4. As I can see, dnsdist
> truncates this data in addEDNSToQueryTurnedResponse function. Is there
> any way to fix it? I use self generated answers to generate negative
> responses for non-existing domains, but I have problems with google
> public DNS because of empty client-subnet in such responses.
I'm afraid we don't have any way to send EDNS Client Subnet information
to the client for self-generated answers, no, except by crafting raw
bytes from Lua, which would be a lot of work.
Adding an ECS scope to these answers sounds like a valid use-case, so
please open a feature request on our issue tracker [1] to make sure we
don't forget about it.
I personally think that Google should not rely on ECS being sent on
negative answers, as recommended by rfc7871 in section 7.4, but that
doesn't help you.
[1]: https://github.com/PowerDNS/pdns/issues/new/choose
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
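As an added example that is not part of this thread (and not dnsdist or PowerDNS code), here is a small Python checker for the behaviour discussed above. It builds a query carrying an EDNS Client Subnet option (RFC 7871 option code 8), then two constructed NXDOMAIN responses, one echoing the option and one without it (the situation of the self-generated answers described above), and reports whether a response meets the RFC 7871 rule that FAMILY, SOURCE PREFIX-LENGTH and ADDRESS in the response match the query, with only SCOPE PREFIX-LENGTH chosen by the server. The domain name and the sample prefixes (192.0.2.0/24, 2001:db8::/56) are constructed values.

```python
"""Check whether a DNS wire-format response carries the EDNS Client Subnet
(ECS, RFC 7871) option that the matching query asked for.

All messages here are constructed in-line; nothing is sent on the network.
"""
import ipaddress
import struct

OPT_TYPE = 41          # EDNS(0) OPT pseudo-RR type (RFC 6891)
ECS_OPTION_CODE = 8    # EDNS Client Subnet option code (RFC 7871)


def encode_name(name):
    """Uncompressed wire-format owner name."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def ecs_option(address, source_prefix, scope_prefix=0):
    """Wire-format ECS option: FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH,
    then the ADDRESS truncated to ceil(SOURCE PREFIX-LENGTH / 8) octets with
    the bits beyond the prefix zeroed, as RFC 7871 requires."""
    net = ipaddress.ip_network(f"{address}/{source_prefix}", strict=False)
    family = 1 if net.version == 4 else 2
    addr_bytes = net.network_address.packed[:(source_prefix + 7) // 8]
    data = struct.pack("!HBB", family, source_prefix, scope_prefix) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def opt_rr(options=b"", udp_size=1232):
    """OPT RR: root owner, TYPE=41, CLASS=UDP payload size, TTL=ext-RCODE/version/flags."""
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, len(options)) + options


def build_message(qname, qtype=1, response=False, rcode=0, ecs=b"", txid=0x1234):
    """Minimal query or response: one question, no answers, one OPT RR in additional."""
    flags = 0x0100                     # RD set
    if response:
        flags = 0x8180 | rcode         # QR, RD, RA plus the RCODE (3 = NXDOMAIN)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    return header + question + opt_rr(ecs)


def _skip_name(msg, off):
    """Advance past a wire-format name, including a trailing compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name (2 octets)
            return off + 2
        off += 1 + length


def _parse_ecs_data(data):
    family, source, scope = struct.unpack("!HBB", data[:4])
    full = 4 if family == 1 else 16
    address = str(ipaddress.ip_address(data[4:].ljust(full, b"\x00")))
    return {"family": family, "source_prefix": source,
            "scope_prefix": scope, "address": address}


def find_ecs(msg):
    """Return the parsed ECS option from the message's OPT RR, or None if absent."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype != OPT_TYPE:
            continue
        pos = 0
        while pos + 4 <= len(rdata):             # walk the EDNS option list
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            if code == ECS_OPTION_CODE:
                return _parse_ecs_data(rdata[pos + 4:pos + 4 + olen])
            pos += 4 + olen
    return None


def response_echoes_ecs(query, response):
    """True when the response carries ECS with the query's FAMILY, SOURCE
    PREFIX-LENGTH and ADDRESS (RFC 7871 section 7.2); SCOPE is the server's choice."""
    q, r = find_ecs(query), find_ecs(response)
    if q is None:
        return r is None
    if r is None:
        return False
    return all(q[k] == r[k] for k in ("family", "source_prefix", "address"))


def demo():
    """Constructed query plus one compliant and one ECS-less NXDOMAIN response."""
    query = build_message("example.invalid", ecs=ecs_option("192.0.2.77", 24))
    with_ecs = build_message("example.invalid", response=True, rcode=3,
                             ecs=ecs_option("192.0.2.77", 24, scope_prefix=0))
    without_ecs = build_message("example.invalid", response=True, rcode=3)
    return {"query_ecs": find_ecs(query),
            "with_ecs_ok": response_echoes_ecs(query, with_ecs),
            "without_ecs_ok": response_echoes_ecs(query, without_ecs)}


if __name__ == "__main__":
    print(demo())
```

The compliant negative answer keeps SCOPE PREFIX-LENGTH at 0, which is what the section Remi cites recommends for negative answers; the check deliberately ignores SCOPE and fails only when the option is missing or its FAMILY, SOURCE PREFIX-LENGTH or ADDRESS differ from the query.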