[Pdns-users] dns update across dnsdist

Remi Gacogne remi.gacogne at powerdns.com
Tue Feb 11 15:25:33 UTC 2020

On 2/11/20 12:39 PM, Marc Boisis via Pdns-users wrote:
> My dnsdist version is 1.3.3 and authoritative is 4.2.0


> I've found a diff with wireshark, before dnsdist I have just one
> aditional record containing the TSIG
> after dnsdist I have two additional records (TSIG and OPT with client
> subnet)

OK, so it looks like dnsdist is adding an OPT record with an EDNS Client
Subnet (in the wrong place, but that's a known issue that has only been
fixed recently, see [1]).
I'm also surprised that the authoritative server accepts such a DNS
packet where the TSIG record is not the last one, but let's forget that
for now.

> I try "newServer({address='', pool='auth-update',
> useClientSubnet=false })" or "newServer({address='',
> pool='auth-update', useClientSubnet=true })" but the result is the same.

Would you mind pasting your whole configuration? dnsdist doesn't add ECS
by default, so something in your configuration must be enabling ECS
addition somehow.

[1]: https://github.com/PowerDNS/pdns/issues/8098

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200211/0da51c4d/attachment.sig>

More information about the Pdns-users mailing list