Hello Peter, thanks for the clarification. Are there any plans to add edns-client-subnet support to the recursor in the forseeable future?
Best, Niklas On Mon, Aug 13, 2012 at 11:36 AM, Peter van Dijk <[email protected]> wrote: > Hello Niklas, > > On Aug 9, 2012, at 23:50 , Niklas wrote: > >> It appears I am not the only one who seeks clarification on the edns >> issue. Like [1] and [2] I found there is an option disable-edns in the >> recursor.conf and even a counter for outgoing edns queries exists: >> noedns-outqueries (found it with rec_controll get-all) >> >> Still when I enable this on the recursor, the queries getting to the >> resolver omit the real remote ip. Instead they contain the IP of the >> ISP DNS twice. Not only that, but queries already containing a edns >> part appear to be reformatted too. > > EDNS is a generic extension mechanism; edns-subnet is a specific use of that > mechanism. The recursor has some EDNS support but no edns-subnet support. > >> Requests send with dig + edns client subnet plugin >> >> a) directly >> -> Q xxx.abc IN SOA -1 10.0.0.109 10.0.1.4 >> 10.0.1.13/32 > > auth+pipe picking up your edns-subnet data. > >> b) via the recursor >> -> Q yyy.abc IN SOA -1 10.0.1.12 10.0.1.4 >> 10.0.1.12/32 > > Recursor is not passing on edns-subnet data as it simply does not support > doing so. Auth is > passing the pipebackend the recursor IP as the realRemote as it has nothing > better. > > Kind regards, > -- > Peter van Dijk > Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ > > _______________________________________________ > Pdns-users mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
