Hi, I am trying out pdns recursor 4.0.6 on Ubuntu Xenial, and cache lookups for the same record with and without client subnet give me the same result, which is not expected. I expect [3] to return a different value, as the cache should have a different value based on client subnet. I wonder if that's a bug with the edns-client-subnet implementation in pdns or if I am missing something in the configuration file. Also, I noticed dig doesn't show "CLIENT-SUBNET: 52.57.28.138/32/16" when I dig against pdns, but I get that when I dig against the authoritative directly. See [4].

root@DFW01-CPS01:~# /etc/init.d/pdns-recursor restart
 * Restarting PowerDNS recursor pdns-recursor
Aug 02 05:23:14 PowerDNS Recursor 4.0.6 (C) 2001-2016 PowerDNS.COM BV
Aug 02 05:23:14 Using 64-bits mode. Built using gcc 5.4.0 20160609 on Jul 4 2017 15:43:52 by root@5ee67e1ed1a4.
Aug 02 05:23:14 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Aug 02 05:23:14 Reading random entropy from '/dev/urandom'
Aug 02 05:23:14 If using IPv6, please raise sysctl net.ipv6.route.max_size, currently set to 4096 which is < 16384
Aug 02 05:23:14 NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable
Aug 02 05:23:14 Only allowing queries from: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
Aug 02 05:23:14 Will not send queries to: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32, 0.0.0.0, ::
Aug 02 05:23:14 PowerDNS Recursor itself will distribute queries over threads
Aug 02 05:23:14 Inserting rfc 1918 private space zones
Aug 02 05:23:14 Listening for UDP queries on 127.0.0.1:53
Aug 02 05:23:14 Enabled TCP data-ready filter for (slight) DoS protection
Aug 02 05:23:14 Listening for TCP queries on 127.0.0.1:53
Aug 02 05:23:14 Calling daemonize, going to background
   ...done.

root@DFW01-CPS01:~# dig @127.0.0.1 +subnet=52.57.28.138 morpheus-ien.insnw.net

; <<>> DiG 9.11.0-P3 <<>> @127.0.0.1 +subnet=52.57.28.138 morpheus-ien.insnw.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26479
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;morpheus-ien.insnw.net. IN A

;; ANSWER SECTION:
morpheus-ien.insnw.net. 3600 IN CNAME ien01-fra02.svc.insnw.net.
ien01-fra02.svc.insnw.net. 600 IN A 35.156.66.126

;; Query time: 142 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 02 05:24:06 GMT 2017
;; MSG SIZE rcvd: 97

root@DFW01-CPS01:~# dig @127.0.0.1 morpheus-ien.insnw.net

; <<>> DiG 9.11.0-P3 <<>> @127.0.0.1 morpheus-ien.insnw.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 437
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;morpheus-ien.insnw.net. IN A

;; ANSWER SECTION:
morpheus-ien.insnw.net. 3600 IN CNAME ins-091.inscname.net.
ins-091.inscname.net. 3600 IN CNAME a-sg08sl07.insnw.net.
a-sg08sl07.insnw.net. 3600 IN A 192.33.31.183

;; Query time: 25 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 02 05:24:18 GMT 2017
;; MSG SIZE rcvd: 123

[3]
root@DFW01-CPS01:~# dig @127.0.0.1 +subnet=52.57.28.138 morpheus-ien.insnw.net

; <<>> DiG 9.11.0-P3 <<>> @127.0.0.1 +subnet=52.57.28.138 morpheus-ien.insnw.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19051
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;morpheus-ien.insnw.net. IN A

;; ANSWER SECTION:
morpheus-ien.insnw.net. 3594 IN CNAME ins-091.inscname.net.
ins-091.inscname.net. 3594 IN CNAME a-sg08sl07.insnw.net.
a-sg08sl07.insnw.net. 3594 IN A 192.33.31.183

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 02 05:24:24 GMT 2017
;; MSG SIZE rcvd: 123

[4]
szhou@DFW01-CPS01:~$ dig @ns1.insnw.net +subnet=52.57.28.138 morpheus-ien.insnw.net

; <<>> DiG 9.11.0-P3 <<>> @ns1.insnw.net +subnet=52.57.28.138 morpheus-ien.insnw.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35637
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: bd357c1c04caaf44f7b0369b59816753474676b8d8dc2509 (good)
; CLIENT-SUBNET: 52.57.28.138/32/16
;; QUESTION SECTION:
;morpheus-ien.insnw.net. IN A

;; ANSWER SECTION:
morpheus-ien.insnw.net. 3600 IN CNAME ien01-fra02.svc.insnw.net.
ien01-fra02.svc.insnw.net. 600 IN A 35.156.66.126

;; AUTHORITY SECTION:
insnw.net. 86400 IN NS ns2.insnw.net.
insnw.net. 86400 IN NS ns1.insnw.net.

;; ADDITIONAL SECTION:
ns1.insnw.net. 86400 IN A 192.33.29.21
ns2.insnw.net. 86400 IN A 192.33.29.22

;; Query time: 0 msec
;; SERVER: 192.33.29.21#53(192.33.29.21)
;; WHEN: Wed Aug 02 05:46:59 GMT 2017
;; MSG SIZE rcvd: 205

root@DFW01-CPS01:/etc/powerdns# grep -v \# /etc/powerdns/recursor.conf | sed -e '/^$/d'
config-dir=/etc/powerdns
ecs-ipv4-bits=16
edns-subnet-whitelist=insnw.net
local-address=127.0.0.1
loglevel=9
setgid=pdns
setuid=pdns
use-incoming-edns-subnet=yes
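The "CLIENT-SUBNET: 52.57.28.138/32/16" line in [4] reads as address / source prefix length / scope prefix length (RFC 7871). As an added example, not part of the original post and not PowerDNS code, this Python encodes and decodes that EDNS option and models, as an assumption, a cache that keeps one answer per scope network; the function names encode_ecs, decode_ecs and cache_key are hypothetical.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)
ADDR_BYTES = {1: 4, 2: 16}  # FAMILY 1 = IPv4, 2 = IPv6


def encode_ecs(address, source_len, scope_len=0):
    """Return the EDNS option bytes for address/source_len/scope_len."""
    net = ipaddress.ip_network(f"{address}/{source_len}", strict=False)
    family = 1 if net.version == 4 else 2
    # ADDRESS is cut to the bytes covering the source prefix; host bits are zero.
    addr = net.network_address.packed[:(source_len + 7) // 8]
    data = struct.pack("!HBB", family, source_len, scope_len) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def decode_ecs(option):
    """Parse option bytes into (address, source_len, scope_len), the order dig prints."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source_len, scope_len = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    size = ADDR_BYTES.get(family)
    if code != ECS_OPTION_CODE or length != len(option) - 4 or size is None:
        raise ValueError("not a well-formed ECS option")
    if source_len > size * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("address length does not match source prefix length")
    return str(ipaddress.ip_address(addr.ljust(size, b"\0"))), source_len, scope_len


def cache_key(qname, qtype, client_address, scope_len):
    """Key for a cache that stores one answer per scope network (assumed model)."""
    if scope_len == 0:
        return (qname.lower(), qtype, None)  # answer valid for every client
    net = ipaddress.ip_network(f"{client_address}/{scope_len}", strict=False)
    return (qname.lower(), qtype, str(net))
```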
