[Pdns-users] pdns-recursor: edns-subnet signalling
Niklas
metaswirl at gmail.com
Mon Aug 13 09:42:33 UTC 2012
Hello Peter,
thanks for the clarification. Are there any plans to add
edns-client-subnet support to the recursor in the forseeable future?
Best,
Niklas
On Mon, Aug 13, 2012 at 11:36 AM, Peter van Dijk
<peter.van.dijk at netherlabs.nl> wrote:
> Hello Niklas,
>
> On Aug 9, 2012, at 23:50 , Niklas wrote:
>
>> It appears I am not the only one who seeks clarification on the edns
>> issue. Like [1] and [2] I found there is an option disable-edns in the
>> recursor.conf and even a counter for outgoing edns queries exists:
>> noedns-outqueries (found it with rec_controll get-all)
>>
>> Still when I enable this on the recursor, the queries getting to the
>> resolver omit the real remote ip. Instead they contain the IP of the
>> ISP DNS twice. Not only that, but queries already containing a edns
>> part appear to be reformatted too.
>
> EDNS is a generic extension mechanism; edns-subnet is a specific use of that
> mechanism. The recursor has some EDNS support but no edns-subnet support.
>
>> Requests send with dig + edns client subnet plugin
>>
>> a) directly
>> -> Q xxx.abc IN SOA -1 10.0.0.109 10.0.1.4
>> 10.0.1.13/32
>
> auth+pipe picking up your edns-subnet data.
>
>> b) via the recursor
>> -> Q yyy.abc IN SOA -1 10.0.1.12 10.0.1.4
>> 10.0.1.12/32
>
> Recursor is not passing on edns-subnet data as it simply does not support doing so. Auth is
> passing the pipebackend the recursor IP as the realRemote as it has nothing better.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
More information about the Pdns-users
mailing list