[Pdns-users] pdns recursor edns-client-subnet caching problems
Remi Gacogne
remi.gacogne at powerdns.com
Thu Aug 3 08:21:30 UTC 2017
On 08/03/2017 12:04 AM, Shawn Zhou wrote:
> I don't think that's the right behavior. If Client Subnet scope is set to
> 0, the resolver should not cache it.
> unbound DNS gives me the expected output, as its cache has different
> entries for different client subnets. Why is pdns recursor's
> implementation different?

RFC 7871 states that a Client Subnet scope set to 0 should be cached and
is suitable for all networks in section 7.3.1:

    Records that are cached as /0 because of a query's SOURCE PREFIX-
    LENGTH of 0 MUST be distinguished from those that are cached as /0
    because of a response's SCOPE PREFIX-LENGTH of 0. The former should
    only be used for other /0 queries that the Intermediate Resolver
    receives, but the latter is suitable as a response for all networks.

It also hints at this in section 7.3:

    If no ECS option is contained in the response, the Intermediate
    Nameserver SHOULD treat this as being equivalent to having received a
    SCOPE PREFIX-LENGTH of 0, which is an answer suitable for all client
    addresses.

Section 11.2 also states:

    [...] to send a matching response with SCOPE
    PREFIX-LENGTH set to 0 to get it cached for all hosts.

I might of course be mistaken, but it seems to me that we are currently
doing the right thing.

--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
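
The caching rules quoted in the message above, as an added example that is not part of the original post and is not PowerDNS Recursor code: a toy cache that keeps the two kinds of /0 entry apart. The class and constant names, the sample names and addresses (all constructed), the IPv4-only scope, the absence of TTL handling, and the capping of a longer scope at the source length are assumptions of this sketch.

```python
import ipaddress

GLOBAL, OPT_OUT, SUBNET = "scope0", "source0", "subnet"

class ECSCache:
    """Toy ECS answer cache (IPv4 only, TTLs ignored) per RFC 7871 7.3/7.3.1."""

    def __init__(self):
        self._entries = {}  # (qname, qtype) -> [(kind, network, answer)]

    def store(self, qname, qtype, source_net, scope_len, answer):
        """source_net: ECS prefix sent upstream ('0.0.0.0/0' for SOURCE
        PREFIX-LENGTH 0). scope_len: SCOPE PREFIX-LENGTH of the response,
        or None when the response carried no ECS option."""
        src = ipaddress.ip_network(source_net)
        if scope_len is None:
            scope_len = 0  # section 7.3: no ECS option is treated as scope 0
        if src.prefixlen == 0:
            kind, net = OPT_OUT, src  # /0 because of the query
        elif scope_len == 0:
            kind, net = GLOBAL, src.supernet(new_prefix=0)  # /0 because of the response
        else:
            # Assumption of this sketch: a scope longer than the source is
            # capped at the source length.
            plen = min(scope_len, src.prefixlen)
            kind, net = SUBNET, src.supernet(new_prefix=plen)
        self._entries.setdefault((qname, qtype), []).append((kind, net, answer))
        return kind

    def lookup(self, qname, qtype, client_ip, source_len):
        """source_len is the SOURCE PREFIX-LENGTH of the incoming query
        (0 when the client asked for its address not to be used)."""
        addr = ipaddress.ip_address(client_ip)
        hits = []
        for kind, net, answer in self._entries.get((qname, qtype), []):
            if kind == OPT_OUT:
                usable = source_len == 0   # only for other /0 queries
            elif kind == GLOBAL:
                usable = True              # suitable for all networks
            else:
                usable = source_len != 0 and addr in net
            if usable:
                hits.append((net.prefixlen, answer))
        # Longest matching prefix wins; None means a cache miss.
        return max(hits, key=lambda h: h[0])[1] if hits else None
```

A response with scope 0 stored for one client subnet is then returned to a client in any other subnet, which is the behaviour the thread is about, while an entry stored for a source /0 query is only returned to other source /0 queries.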