Re: What is the meaning of an ecs log

2022-12-08 Thread Greg Choules via bind-users 
Hi Mik.
The Client Subnet in DNS Queries  RFC
should explain all.
Essentially there are two masks in the ECS option - source prefix length
and scope prefix length.
ECS-enabled recursive servers (like Google or BIND -S edition) will set the
source prefix length to whatever has been configured; in this case /24. But
they MUST set the scope prefix length to zero because this field is
intended for use by an ECS enabled authoritative server to signal (in its
response) the prefix to which it applies.

I hope that helps.
Cheers, Greg

On Thu, 8 Dec 2022 at 07:04, Mik J via bind-users 
wrote:

> Thank you for your answer and pointing out this information.
>
> When I showed you this message
> client @0x53eda9122d0 172.16.11.2#48171 (example.org): query: example.org
> IN A -E(0)DC (1.2.3.4) [ECS 192.168.2.0/24/0
>
> This query was to my authoritative server which holds example.org
> The client IP is a Google DNS public IP (I had changed the IP to
> 172.16.11.2)
> And the 192.168.2.0/24 prefix is a prefix from a hosting company in
> Turkey (I had changed the IP)
>
> So I suppose that a machine hosted in that 192.168.2.0/24 subnet use
> google DNS as a resolver. And that resolver is quering my authoritative DNS.
>
> I had read the documentation and this /0 is noted as a scope
> "a statement which appears in a zone block has scope only for that zone"
> I understand this sentence but I don't understand this /0
>
> In my logs it's always a /0
> I'm wondering in which case it could be different that a /0
>
>
>
>
> Le jeudi 8 décembre 2022 à 02:36:40 UTC+1, Darren Ankney <
> darren.ank...@gmail.com> a écrit :
>
>
>
>
>
> Found the answer in the manual:
>
> "Finally, if any CLIENT-SUBNET option was present in the client query,
> it is included in square brackets in the format [ECS
> address/source/scope]."
>
> https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-category
>
> On Wed, Dec 7, 2022 at 8:25 PM Mik J via bind-users
>  wrote:
> >
> > Hello Daren,
> >
> > The entire message is
> > client @0x53eda9122d0 172.16.11.2#48171 (example.org): query:
> example.org IN A -E(0)DC (1.2.3.4) [ECS 192.168.2.0/24/0]
> >
> > The version is: 9.18.7
> > It's both autoritative and recursive
> >
> >
> >
> >
> > Le jeudi 8 décembre 2022 à 01:56:57 UTC+1, Darren Ankney <
> darren.ank...@gmail.com> a écrit :
> >
> >
> >
> >
> >
> > Is that the entire log message or just part of it?  Is this a
> > recursive or authoritative name server?  What version of bind?
> >
> > Logging is covered in the manual though I don't really see a
> > comprehensive explanation of message format (maybe it's there and I'm
> > just not seeing it).
> >
> https://bind9.readthedocs.io/en/v9_18_9/reference.html#logging-block-grammar
> >
> > On Wed, Dec 7, 2022 at 7:42 PM Mik J via bind-users
> >  wrote:
> > >
> > > Hello,
> > > I see logs like [ECS 192.168.2.0/24/0] but I don't understand what is
> the last /0 part.
> > > Where can I get an explanation ?
> > > Regards
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
> >
> > ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> >
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
> >
> > ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> >
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: What is the meaning of an ecs log

2022-12-07 Thread Mik J via bind-users 
Thank you for your answer and pointing out this information.

When I showed you this message
client @0x53eda9122d0 172.16.11.2#48171 (example.org): query: example.org IN A 
-E(0)DC (1.2.3.4) [ECS 192.168.2.0/24/0

This query was to my authoritative server which holds example.org
The client IP is a Google DNS public IP (I had changed the IP to 172.16.11.2)
And the 192.168.2.0/24 prefix is a prefix from a hosting company in Turkey (I 
had changed the IP)

So I suppose that a machine hosted in that 192.168.2.0/24 subnet use google DNS 
as a resolver. And that resolver is quering my authoritative DNS.

I had read the documentation and this /0 is noted as a scope
"a statement which appears in a zone block has scope only for that zone"
I understand this sentence but I don't understand this /0

In my logs it's always a /0
I'm wondering in which case it could be different that a /0




Le jeudi 8 décembre 2022 à 02:36:40 UTC+1, Darren Ankney 
 a écrit : 





Found the answer in the manual:

"Finally, if any CLIENT-SUBNET option was present in the client query,
it is included in square brackets in the format [ECS
address/source/scope]."
https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-category

On Wed, Dec 7, 2022 at 8:25 PM Mik J via bind-users
 wrote:
>
> Hello Daren,
>
> The entire message is
> client @0x53eda9122d0 172.16.11.2#48171 (example.org): query: example.org IN 
> A -E(0)DC (1.2.3.4) [ECS 192.168.2.0/24/0]
>
> The version is: 9.18.7
> It's both autoritative and recursive
>
>
>
>
> Le jeudi 8 décembre 2022 à 01:56:57 UTC+1, Darren Ankney 
>  a écrit :
>
>
>
>
>
> Is that the entire log message or just part of it?  Is this a
> recursive or authoritative name server?  What version of bind?
>
> Logging is covered in the manual though I don't really see a
> comprehensive explanation of message format (maybe it's there and I'm
> just not seeing it).
> https://bind9.readthedocs.io/en/v9_18_9/reference.html#logging-block-grammar
>
> On Wed, Dec 7, 2022 at 7:42 PM Mik J via bind-users
>  wrote:
> >
> > Hello,
> > I see logs like [ECS 192.168.2.0/24/0] but I don't understand what is the 
> > last /0 part.
> > Where can I get an explanation ?
> > Regards
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
>
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
>
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: What is the meaning of an ecs log

2022-12-07 Thread Darren Ankney 
Found the answer in the manual:

"Finally, if any CLIENT-SUBNET option was present in the client query,
it is included in square brackets in the format [ECS
address/source/scope]."
https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-category

On Wed, Dec 7, 2022 at 8:25 PM Mik J via bind-users
 wrote:
>
> Hello Daren,
>
> The entire message is
> client @0x53eda9122d0 172.16.11.2#48171 (example.org): query: example.org IN 
> A -E(0)DC (1.2.3.4) [ECS 192.168.2.0/24/0]
>
> The version is: 9.18.7
> It's both autoritative and recursive
>
>
>
>
> Le jeudi 8 décembre 2022 à 01:56:57 UTC+1, Darren Ankney 
>  a écrit :
>
>
>
>
>
> Is that the entire log message or just part of it?  Is this a
> recursive or authoritative name server?  What version of bind?
>
> Logging is covered in the manual though I don't really see a
> comprehensive explanation of message format (maybe it's there and I'm
> just not seeing it).
> https://bind9.readthedocs.io/en/v9_18_9/reference.html#logging-block-grammar
>
> On Wed, Dec 7, 2022 at 7:42 PM Mik J via bind-users
>  wrote:
> >
> > Hello,
> > I see logs like [ECS 192.168.2.0/24/0] but I don't understand what is the 
> > last /0 part.
> > Where can I get an explanation ?
> > Regards
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
>
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
>
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: What is the meaning of an ecs log

2022-12-07 Thread Mik J via bind-users 
Hello Daren,

The entire message is
client @0x53eda9122d0 172.16.11.2#48171 (example.org): query: example.org IN A 
-E(0)DC (1.2.3.4) [ECS 192.168.2.0/24/0]

The version is: 9.18.7
It's both autoritative and recursive




Le jeudi 8 décembre 2022 à 01:56:57 UTC+1, Darren Ankney 
 a écrit : 





Is that the entire log message or just part of it?  Is this a
recursive or authoritative name server?  What version of bind?

Logging is covered in the manual though I don't really see a
comprehensive explanation of message format (maybe it's there and I'm
just not seeing it).
https://bind9.readthedocs.io/en/v9_18_9/reference.html#logging-block-grammar

On Wed, Dec 7, 2022 at 7:42 PM Mik J via bind-users
 wrote:
>
> Hello,
> I see logs like [ECS 192.168.2.0/24/0] but I don't understand what is the 
> last /0 part.
> Where can I get an explanation ?
> Regards
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: What is the meaning of an ecs log

2022-12-07 Thread Darren Ankney 
Is that the entire log message or just part of it?  Is this a
recursive or authoritative name server?  What version of bind?

Logging is covered in the manual though I don't really see a
comprehensive explanation of message format (maybe it's there and I'm
just not seeing it).
https://bind9.readthedocs.io/en/v9_18_9/reference.html#logging-block-grammar

On Wed, Dec 7, 2022 at 7:42 PM Mik J via bind-users
 wrote:
>
> Hello,
> I see logs like [ECS 192.168.2.0/24/0] but I don't understand what is the 
> last /0 part.
> Where can I get an explanation ?
> Regards
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users