[dnsdist] Self generetaed responses don't content ECS client-subnet information

Remi Gacogne remi.gacogne at powerdns.com
Tue Jan 12 10:12:14 UTC 2021

Hi Alexander,

On 1/12/21 10:52 AM, Alexander Fateyev via dnsdist wrote:
>  From google public DNS docs:
> "3. Authoritative name servers that implement ECS must respond to all 
> ECS queries with ECS responses, including negative and referral responses."
> But dnsdist self-generated reponses don't have any CLIENT-SUBNET data, 
> even if the query was with it, e.g. dig @server jhgjhgjhgjh.com 
> <http://jhgjhgjhgjh.com> +subnet= As I can see, dnsdist 
> truncates this data in addEDNSToQueryTurnedResponse function. Is there 
> any way to fix it? I use self generated answers to generate negative 
> responses for non-existing domains, but I have problems with google 
> public DNS because of empty client-subnet in such responses.

I'm afraid we don't have any way to send EDNS Client Subnet information 
to the client for self-generated answers, no, except if by crafting raw 
bytes from Lua which would be a lot of work.
Adding an ECS scope to these answers sounds like a valid use-case, so 
please open a feature request on our issue tracker [1] to make sure we 
don't forget about it.

I personally think that Google should not rely on ECS being sent on 
negative answers, as recommended by rfc7871 in section 7.4, but that 
doesn't help you.

[1]: https://github.com/PowerDNS/pdns/issues/new/choose

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

More information about the dnsdist mailing list