[Pdns-users] pdns-recursor: edns-subnet signalling
Peter van Dijk
peter.van.dijk at netherlabs.nl
Mon Aug 13 09:36:00 UTC 2012
Hello Niklas,
On Aug 9, 2012, at 23:50 , Niklas wrote:
> It appears I am not the only one who seeks clarification on the edns
> issue. Like [1] and [2] I found there is an option disable-edns in the
> recursor.conf and even a counter for outgoing edns queries exists:
> noedns-outqueries (found it with rec_controll get-all)
>
> Still when I enable this on the recursor, the queries getting to the
> resolver omit the real remote ip. Instead they contain the IP of the
> ISP DNS twice. Not only that, but queries already containing a edns
> part appear to be reformatted too.
EDNS is a generic extension mechanism; edns-subnet is a specific use of that
mechanism. The recursor has some EDNS support but no edns-subnet support.
> Requests send with dig + edns client subnet plugin
>
> a) directly
> -> Q xxx.abc IN SOA -1 10.0.0.109 10.0.1.4
> 10.0.1.13/32
auth+pipe picking up your edns-subnet data.
> b) via the recursor
> -> Q yyy.abc IN SOA -1 10.0.1.12 10.0.1.4
> 10.0.1.12/32
Recursor is not passing on edns-subnet data as it simply does not support doing so. Auth is
passing the pipebackend the recursor IP as the realRemote as it has nothing better.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list