From remi.gacogne at powerdns.com Tue Oct 1 07:37:17 2024
From: remi.gacogne at powerdns.com (Remi Gacogne)
Date: Tue, 1 Oct 2024 09:37:17 +0200
Subject: [dnsdist] How get ECS in DnsDist logs ?
In-Reply-To:
References:
Message-ID:

Hi David,

On 30/09/2024 15:28, david n via dnsdist wrote:
> I'm trying to log the client subnet with DnsDist, actually I only have
> the IP of the DNS server requesting :
>
> [1727699139.669387387] Packet from 192.29.141.4:38506 for foo.bar. A
> with id 51444

We don't currently have the ability to log incoming EDNS Client Subnet
in DNSdist, I'm afraid. The main reason is that we usually don't really
care: either the existing value is preserved and passed to the backend,
or we overwrite it. There is no use-case I'm aware of where we process
the ECS value in DNSdist itself.
It doesn't mean that it wouldn't be helpful to be able to log it, to be
clear, I would be happy to merge such a feature if someone were to
contribute it. You can open a feature request [1] so we don't forget
about it.

[1]: https://github.com/PowerDNS/pdns/issues/new/choose

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

From david.neau at orange.com Tue Oct 1 11:36:28 2024
From: david.neau at orange.com (david.neau at orange.com)
Date: Tue, 1 Oct 2024 11:36:28 +0000
Subject: [dnsdist] How get ECS in DnsDist logs ?
Message-ID:

Hello Remi

Thanks for your answer.
My goal was to have a clear view of the percentage of EDNS requests
versus no EDNS.
I don't know if this use case is relevant for other people.
Regards
/d

From remi.gacogne at powerdns.com Tue Oct 1 12:07:01 2024
From: remi.gacogne at powerdns.com (Remi Gacogne)
Date: Tue, 1 Oct 2024 14:07:01 +0200
Subject: [dnsdist] How get ECS in DnsDist logs ?
In-Reply-To:
References:
Message-ID: <98376bcd-d0e9-4440-9aa8-43e06c937c64@powerdns.com>

On 01/10/2024 13:36, david n via dnsdist wrote:
> My goal was to have a clear view of the percentage of EDNS requests
> versus no EDNS.

EDNS, or ECS? If you only want to look at percentages, you could create
custom metrics [1] and increase them from Lua when a rule matches ([2]
for EDNS, [3] for ECS at first glance). Or, just look at the rule
counters to know how many queries matched, and then you don't even need
custom metrics.
[1]: https://dnsdist.org/reference/custommetrics.html
[2]: https://dnsdist.org/reference/selectors.html#EDNSVersionRule
[3]: https://dnsdist.org/reference/selectors.html#EDNSOptionRule

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

From remi.gacogne at powerdns.com Fri Oct 4 12:12:32 2024
From: remi.gacogne at powerdns.com (Remi Gacogne)
Date: Fri, 4 Oct 2024 14:12:32 +0200
Subject: [dnsdist] PowerDNS DNSdist 1.9.7 released
Message-ID:

Hello!

We released PowerDNS DNSdist 1.9.7 today, fixing several issues:

- A race condition in the processing of incoming DNS over TLS
  connections could cause a crash if TLS certificates were reloaded from
  the console while processing a TLS handshake
- Processing a proxy protocol payload present outside of the TLS layer
  was broken for incoming DNS over TLS connections
- The byte-ordering of EDNS flags was reversed after some operations,
  like setting an extended DNS error status
- EDNS was not properly added to responses generated from raw record
  data, preventing for example the use of extended DNS error statuses
- eBPF filtering did interact badly with DNS over QUIC and DNS over
  HTTP3 queries
- The expiry timestamp reported by the Lua binding for Dynamic Blocks
  could not be used easily
- Removing a server early could cause an error because the default pool
  did not exist yet

A few improvements were also made:

- Timeouts are no longer reported by topSlow, and can instead be
  examined with topTimeouts
- Passing a large value to setMaxTCPClientThreads now triggers a warning
- A Lua FFI binding has been added to access incoming proxy protocol
  values
- The Rust version we use to build our packages was upgraded to 1.78
- The Quiche library used for QUIC was upgraded to 0.22.0 in our
  packages

We also fixed two minor
incompatibility issues preventing DNSdist from being built with newer
versions of gcc, clang and the Boost library.

Please see the DNSdist website [1] for the more complete changelog [2]
and the current documentation. The upgrade guide is also available there
[3].

Please send us all feedback and issues you might have via the mailing
list, or in case of a bug, via GitHub [4].

The release tarball [5] and its signature [6] are available on the
downloads website, and packages for several distributions are available
from our repository [7].

[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-1.9.7
[3]: https://dnsdist.org/upgrade_guide.html
[4]: https://github.com/PowerDNS/pdns/issues/new/choose
[5]: https://downloads.powerdns.com/releases/dnsdist-1.9.7.tar.bz2
[6]: https://downloads.powerdns.com/releases/dnsdist-1.9.7.tar.bz2.sig
[7]: https://repo.powerdns.com

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
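Added example (not part of the thread and not PowerDNS's own configuration): a dnsdist Lua configuration for the custom-metrics approach suggested in the "How get ECS in DnsDist logs ?" reply above, counting queries that carry an ECS option against all queries. The metric names and the ecsShare() helper are assumptions chosen for illustration, and the DNSdist version in use is assumed to provide custom metrics.

```lua
-- dnsdist.conf fragment (added example, not from the thread).
-- Metric names below are illustrative; custom metrics must be
-- declared at configuration time before they can be incremented.
declareMetric("queries-total", "counter",
              "Queries seen by the counting rules")
declareMetric("queries-with-ecs", "counter",
              "Queries carrying an EDNS Client Subnet option")

-- Place these rules before any rule whose action ends processing
-- (drop, pool selection, spoofing, ...), otherwise queries handled by
-- those earlier rules are never counted here.

-- Every query: bump the denominator and continue to the next rule.
addAction(AllRule(), LuaAction(function(dq)
  incMetric("queries-total")
  return DNSAction.None
end))

-- Queries whose OPT record contains an ECS option: bump the numerator.
-- Only the presence of the option is tested; the subnet value itself
-- is not read or logged.
addAction(EDNSOptionRule(EDNSOptionCode.ECS), LuaAction(function(dq)
  incMetric("queries-with-ecs")
  return DNSAction.None
end))

-- Hypothetical console helper: percentage of counted queries that
-- carried ECS. Returns 0 while no query has been counted yet.
function ecsShare()
  local total = getMetric("queries-total")
  if total == 0 then
    return 0
  end
  return 100 * getMetric("queries-with-ecs") / total
end
```

On the console, `showRules()` lists the match count of each rule, which is the alternative from the reply that needs no custom metric.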