[Pdns-users] pdns recursor edns-client-subnet caching problems

Remi Gacogne remi.gacogne at powerdns.com
Wed Aug 2 09:02:10 UTC 2017


Hi Shawn,

On 08/02/2017 08:47 AM, Shawn Zhou wrote:
> Sorry. I meant the authoritative nameserver did respond with the correct answer. 

The authoritative server answers with an EDNS Client Subnet scope set to
0 when we send a query with a source set to 127.0.0.1/32, meaning that
we can cache the answer and use it for any source:

$ dig @ns1.insnw.net +subnet=127.0.0.1 morpheus-ien.insnw.net

; <<>> DiG 9.11.2 <<>> @ns1.insnw.net +subnet=127.0.0.1 morpheus-ien.insnw.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41118
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b560d095f78df047eb13a9a85981941eb2b38c5376e87bb2 (good)
; CLIENT-SUBNET: 127.0.0.1/32/0
[...]

Once this answer is in our cache, we will use it until it expires and
won't look for most specific answers, regardless of the ECS value of the
query.

-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
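
Added example, not part of the original message and not PowerDNS Recursor code: a toy model of the caching behaviour described above, which decodes the ECS option payload (RFC 7871) and lets the scope prefix length decide which clients may reuse an answer. The cache class, the query names, the answer labels and the option payloads are constructed for illustration.

```python
import ipaddress
import struct

def parse_ecs(optdata: bytes):
    """Decode an EDNS Client Subnet option payload (RFC 7871, option code 8)."""
    family, source_len, scope_len = struct.unpack("!HBB", optdata[:4])
    if family not in (1, 2):
        raise ValueError("unknown ECS address family")
    size = 4 if family == 1 else 16
    addr = optdata[4:]
    if source_len > size * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("address does not match source prefix length")
    return ipaddress.ip_address(addr.ljust(size, b"\x00")), source_len, scope_len

class EcsCache:
    """Toy ECS-aware cache (hypothetical, not the Recursor's code)."""
    def __init__(self):
        self.entries = {}  # qname -> list of (network, answer)

    def store(self, qname, optdata, answer):
        address, _source_len, scope_len = parse_ecs(optdata)
        # The SCOPE prefix length, not the source one, bounds who may reuse the answer.
        network = ipaddress.ip_network(f"{address}/{scope_len}", strict=False)
        self.entries.setdefault(qname, []).append((network, answer))

    def lookup(self, qname, client):
        client = ipaddress.ip_address(client)
        hits = [(net, ans) for net, ans in self.entries.get(qname, [])
                if client.version == net.version and client in net]
        # Prefer the longest matching scope; scope 0 matches every client.
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed option payloads (not captured traffic):
SCOPE_ZERO = struct.pack("!HBB", 1, 32, 0) + bytes([127, 0, 0, 1])  # 127.0.0.1/32/0
SCOPE_24 = struct.pack("!HBB", 1, 24, 24) + bytes([198, 51, 100])   # 198.51.100.0/24/24

def demo():
    cache = EcsCache()
    cache.store("scope0.example.", SCOPE_ZERO, "rrset-from-loopback-query")
    cache.store("scope24.example.", SCOPE_24, "rrset-for-198.51.100.0/24")
    return {
        "scope0_other_client": cache.lookup("scope0.example.", "203.0.113.7"),
        "scope24_inside": cache.lookup("scope24.example.", "198.51.100.9"),
        "scope24_outside": cache.lookup("scope24.example.", "203.0.113.7"),
    }

if __name__ == "__main__":
    print(demo())
```

The scope-0 entry is stored as 0.0.0.0/0, so a later client in 203.0.113.0/24 is served the answer obtained for the loopback source, while the /24-scoped entry is only reused inside its own network.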
