On 2/11/20 12:39 PM, Marc Boisis via Pdns-users wrote: > My dnsdist version is 1.3.3 and authoritative is 4.2.0
Thanks! > I've found a diff with wireshark, before dnsdist I have just one > aditional record containing the TSIG > after dnsdist I have two additional records (TSIG and OPT with client > subnet) OK, so it looks like dnsdist is adding an OPT record with an EDNS Client Subnet (in the wrong place, but that's a known issue that has only been fixed recently, see [1]). I'm also surprised that the authoritative server accepts such a DNS packet where the TSIG record is not the last one, but let's forget that for now. > I try "newServer({address='127.0.0.1:5300', pool='auth-update', > useClientSubnet=false })" or "newServer({address='127.0.0.1:5300', > pool='auth-update', useClientSubnet=true })" but the result is the same. Would you mind pasting your whole configuration? dnsdist doesn't add ECS by default, so something in your configuration must be enabling ECS addition somehow. [1]: https://github.com/PowerDNS/pdns/issues/8098 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users