[Pdns-users] edns client subnet with netmask
Xek PL
pl-xek at yandex.ru
Fri Sep 2 07:05:32 UTC 2011
Hello,
I'm testing the edns-client-subnet feature (pdns-static-3.0-1.x86_64.rpm).
When a request goes with netmask /32 (e.g. 1.2.3.0/32), it's OK.
The pipe backend receives IP/32 in the last field.
RECV: Q example.com IN SOA -1 127.0.0.1 0.0.0.0 1.2.3.0/32
But when the request has a smaller netmask (1.2.3.0/24), information about the client subnet isn't sent to the pipe backend:
RECV: Q example.com IN SOA -1 127.0.0.1 0.0.0.0 127.0.0.1/32
----------------------
/etc/powerdns/pdns.conf:
launch=pipe
pipe-command=/opt/resolver/bin/t.pl
local-port=53
distributor-threads=4
query-cache-ttl=0
cache-ttl=0
loglevel=9
# v2 - for pdns 2.9
#pipebackend-abi-version=2
# v3 - for pdns 3 with edns-client-subnet
pipebackend-abi-version=3
edns-subnet-processing=yes
------------------------
Requests
1. OK with /32
$ /opt/bind-9.7.4/bin/dig @127.0.0.1 example.com +client=1.2.3.0
; <<>> DiG 9.7.4 <<>> @127.0.0.1 example.com +client=1.2.3.0
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55758
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2800
; CLIENT-SUBNET: 1.2.3.0/32/0
;; QUESTION SECTION:
;example.com. IN A
;; Query time: 2362 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 2 10:41:09 2011
;; MSG SIZE rcvd: 52
In backend request log:
RECV: Q example.com IN SOA -1 127.0.0.1 0.0.0.0 1.2.3.0/32
2. Failure with /24
$ /opt/bind-9.7.4/bin/dig @127.0.0.1 example.com +client=1.2.3.0/24
; <<>> DiG 9.7.4 <<>> @127.0.0.1 example.com +client=1.2.3.0/24
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1546
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;example.com. IN A
;; Query time: 2087 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 2 10:41:28 2011
;; MSG SIZE rcvd: 29
In backend request log:
RECV: Q example.com IN SOA -1 127.0.0.1 0.0.0.0 127.0.0.1/32
3. Just a check against Google DNS with /24
$ /opt/bind-9.7.4/bin/dig @8.8.8.8 example.com +client=1.2.3.0/24
; <<>> DiG 9.7.4 <<>> @8.8.8.8 example.com +client=1.2.3.0/24
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4413
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 1.2.3.0/24/0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 58586 IN A 192.0.43.10
;; Query time: 212 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 2 10:47:45 2011
;; MSG SIZE rcvd: 67
Regards,
Paul
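
The two backend log lines quoted in the message above, run through a small parser; this is an added example, not part of the original post and not PowerDNS code. It assumes the ABI v3 question line has eight whitespace-separated fields ending in the subnet, as the RECV lines show; `parse_question` and `subnet_source` are hypothetical names.

```python
import ipaddress
from typing import NamedTuple, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# The two RECV lines as they appear in the post (case 1 and case 2).
POST_LINES = [
    "RECV: Q example.com IN SOA -1 127.0.0.1 0.0.0.0 1.2.3.0/32",
    "RECV: Q example.com IN SOA -1 127.0.0.1 0.0.0.0 127.0.0.1/32",
]

class Question(NamedTuple):
    qname: str
    qclass: str
    qtype: str
    zone_id: int
    remote: IPAddress   # address the query came from
    local: IPAddress    # address the server received it on
    subnet: IPNetwork   # last field: what the backend is told about the client

def parse_question(line: str) -> Question:
    """Parse one question line; a leading 'RECV:' log prefix is tolerated."""
    fields = line.split()
    if fields and fields[0] == "RECV:":
        fields = fields[1:]
    if len(fields) != 8 or fields[0] != "Q":
        raise ValueError(f"not an 8-field question line: {line!r}")
    _, qname, qclass, qtype, zone_id, remote, local, subnet = fields
    return Question(qname, qclass, qtype, int(zone_id),
                    ipaddress.ip_address(remote),
                    ipaddress.ip_address(local),
                    ipaddress.ip_network(subnet, strict=False))

def subnet_source(q: Question) -> str:
    """Classify the last field.

    'remote-fallback' means it is just the remote address as a host route
    (/32 or /128), which is what the post shows when the /24 option was not
    passed on. A real client subnet equal to remote/32 looks the same, so
    this is a heuristic for test logs, not proof.
    """
    is_host = q.subnet.prefixlen == q.subnet.max_prefixlen
    if is_host and q.subnet.network_address == q.remote:
        return "remote-fallback"
    return "client-subnet"

if __name__ == "__main__":
    for line in POST_LINES:
        print(subnet_source(parse_question(line)), "<-", line)
```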