Hi Yuri,

I've done a bit of testing with this and found a few issues.

1) The returned record does not update based on geoip when using different subnets. This happens only when the first request for a given name does not have a client subnet passed with it:

root@dnsr001:~/src/edns-subnet# /EdgeCast/ecdns/bin/dig_iana +ttl @localhost gp1.wpc.edgecastcdn.net

; <<>> DiG 9.9.3-P1 <<>> +ttl @localhost gp1.wpc.edgecastcdn.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43765
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gp1.wpc.edgecastcdn.net.	IN	A

;; ANSWER SECTION:
gp1.wpc.edgecastcdn.net.	3600	IN	A	72.21.81.253

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 02 19:48:02 UTC 2014
;; MSG SIZE rcvd: 68

root@dnsr001:~/src/edns-subnet# cd util/data/^C
root@dnsr001:~/src/edns-subnet# /EdgeCast/ecdns/bin/dig_iana +ttl @localhost gp1.wpc.edgecastcdn.net +client=110.232.0.0/24

; <<>> DiG 9.9.3-P1 <<>> +ttl @localhost gp1.wpc.edgecastcdn.net +client= 110.232.0.0/24
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21321
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 110.232.0.0/24/0
;; QUESTION SECTION:
;gp1.wpc.edgecastcdn.net.	IN	A

;; ANSWER SECTION:
gp1.wpc.edgecastcdn.net.	3591	IN	A	72.21.81.253

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 02 19:48:11 UTC 2014
;; MSG SIZE rcvd: 79

root@dnsr001:~/src/edns-subnet# unbound-control flush gp1.wpc.edgecastcdn.net
ok
root@dnsr001:~/src/edns-subnet# /EdgeCast/ecdns/bin/dig_iana +ttl @localhost gp1.wpc.edgecastcdn.net +client=110.232.0.0/24

; <<>> DiG 9.9.3-P1 <<>> +ttl @localhost gp1.wpc.edgecastcdn.net +client= 110.232.0.0/24
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36195
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 110.232.0.0/24/19
;; QUESTION SECTION:
;gp1.wpc.edgecastcdn.net.	IN	A

;; ANSWER SECTION:
gp1.wpc.edgecastcdn.net.	3600	IN	A	117.18.232.133

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 02 19:48:56 UTC 2014
;; MSG SIZE rcvd: 79

2) The TTL returned when edns-subnet is passed does not change over time. At one point I had a working patch to fix this issue; however, I am unable to find the whole patch at this time. I do have a small patch that sets the correct ttl in the reply from edns-subnet/subnetmod.c to utils/data/msgreply.c; however, I'm missing the msgreply.c piece that correctly sets the response. (See attached patch for the first part.) I believe this is happening because the cache tree for client-subnets is different from the standard cache tree.

root@dnsr001:~/src/edns-subnet# date; /EdgeCast/ecdns/bin/dig_iana @localhost gp1.wpc.edgecastcdn.net +client=110.232.0.0/24
Fri May 2 16:23:20 UTC 2014

; <<>> DiG 9.9.3-P1 <<>> @localhost gp1.wpc.edgecastcdn.net +client= 110.232.0.0/24
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33335
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 110.232.0.0/24/19
;; QUESTION SECTION:
;gp1.wpc.edgecastcdn.net.	IN	A

;; ANSWER SECTION:
gp1.wpc.edgecastcdn.net.	3600	IN	A	117.18.232.133

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 02 16:23:20 UTC 2014
;; MSG SIZE rcvd: 79

root@dnsr001:~/src/edns-subnet# date; /EdgeCast/ecdns/bin/dig_iana @localhost gp1.wpc.edgecastcdn.net +client=110.232.0.0/24
Fri May 2 16:29:49 UTC 2014

; <<>> DiG 9.9.3-P1 <<>> @localhost gp1.wpc.edgecastcdn.net +client= 110.232.0.0/24
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17943
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 110.232.0.0/24/19
;; QUESTION SECTION:
;gp1.wpc.edgecastcdn.net.	IN	A

;; ANSWER SECTION:
gp1.wpc.edgecastcdn.net.	3600	IN	A	117.18.232.133

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 02 16:29:49 UTC 2014
;; MSG SIZE rcvd: 79

3) unbound-control marks all edns-subnet hits as misses:

root@dnsr001:~/src/edns-subnet# unbound-control stats_noreset
thread0.num.queries=5
thread0.num.cachehits=0
thread0.num.cachemiss=5
thread0.num.prefetch=0
thread0.num.recursivereplies=5
thread0.requestlist.avg=0
thread0.requestlist.max=0
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.000522
thread0.recursion.time.median=6.25e-07
total.num.queries=5
total.num.cachehits=0
total.num.cachemiss=5
total.num.prefetch=0
total.num.recursivereplies=5
total.requestlist.avg=0
total.requestlist.max=0
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.000522
total.recursion.time.median=6.25e-07
time.now=1399048264.960805
time.up=616.002507
time.elapsed=616.002507

May 02 16:29:49 unbound[13363:0] info: 127.0.0.1 gp1.wpc.edgecastcdn.net. A IN
May 02 16:29:49 unbound[13363:0] debug: udp request from ip4 127.0.0.1 port 50867 (len 16)
May 02 16:29:49 unbound[13363:0] debug: mesh_run: start
May 02 16:29:49 unbound[13363:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_new
May 02 16:29:49 unbound[13363:0] info: subnet operate: query gp1.wpc.edgecastcdn.net. A IN
May 02 16:29:49 unbound[13363:0] debug: subnet: answered from cache

-Larry

On Thu, May 1, 2014 at 1:52 PM, Yuri Schaeffer <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Larry,
>
> > I was wondering if there was a timeline for completing this
> > addition to unbound. Looking at the svn branch for edns client
> > subnets it looks like the last commit was about 6 months
> > ago(2013/11/19).
>
> There have been no commits to this branch since then because the
> feature is complete. We've been in a catch-22: To our knowledge nobody
> actually tried to use it so we are hesitant to call it production
> code, but everyone interested seems to wait until we call it
> production code.
>
> To get out of this situation we've decided to include it as a patch in
> contrib/ of the regular release. We do however need to do some work to
> get it there (think continuous integration tests). I don't have a clear
> timeline for it as it is low priority, but I intend to allocate some
> time for it each week.
>
> Regards,
> Yuri
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Icedove - http://www.enigmail.net/
>
> iEYEARECAAYFAlNitBgACgkQI3PTR4mhavg9ggCeNz3jtk0UHagY6MJRACcXTf1K
> P0MAoInQiPsZGv9AyoZce3/ZGt9/37Pd
> =HfnZ
> -----END PGP SIGNATURE-----
> _______________________________________________
> Unbound-users mailing list
> [email protected]
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
Attachment: subnetmod.c-patch (binary data)
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
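The three symptoms Larry reports all come down to how an ECS-aware resolver cache is keyed, aged and counted. The following is an added toy model written for this page; it is not Unbound code and makes no claim about how the subnet module or its cache tree is implemented. It assumes one policy for the first symptom: an answer learned without sending ECS upstream is kept apart from ECS-scoped answers, so an ECS-less first query cannot pin the answer for every later subnet. The remaining TTL is derived from the entry's expiry at answer time (so it shrinks, addressing the second symptom), and hits and misses are counted per lookup (the third). The name, addresses and the 9-second gap are sample values taken from the dig output in the thread; the clock is a constructed fake so the run is deterministic.

```python
import ipaddress


class EcsCache:
    """Two caches: answers learned without ECS, and ECS-scoped answers."""

    def __init__(self, clock):
        self.clock = clock      # callable returning the current time in seconds
        self.plain = {}         # qname -> (rdata, expires_at)
        self.scoped = {}        # qname -> [(scope_network, rdata, expires_at)]
        self.hits = 0
        self.misses = 0

    def store_plain(self, qname, rdata, ttl):
        # Learned with no ECS sent upstream: only known valid for that path,
        # so this entry never answers a query that does carry ECS (assumed policy).
        self.plain[qname] = (rdata, self.clock() + ttl)

    def store_scoped(self, qname, rdata, ttl, client_subnet, scope_len):
        # The authority's scope applies to the client's address truncated to
        # scope_len bits (110.232.0.0/24 with scope 19 -> 110.224.0.0/19).
        source = ipaddress.ip_network(client_subnet).network_address
        net = ipaddress.ip_network(f"{source}/{scope_len}", strict=False)
        self.scoped.setdefault(qname, []).append((net, rdata, self.clock() + ttl))

    def lookup(self, qname, client_subnet=None):
        """Return (rdata, remaining_ttl, scope_len), or None on a miss."""
        now = self.clock()
        if client_subnet is None:
            entry = self.plain.get(qname)
            if entry and entry[1] > now:
                self.hits += 1
                return entry[0], int(entry[1] - now), 0
        else:
            addr = ipaddress.ip_network(client_subnet).network_address
            best = None
            for net, rdata, expires in self.scoped.get(qname, []):
                if expires <= now or addr not in net:
                    continue
                # Longest matching scope wins when several entries cover the client
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, rdata, expires)
            if best:
                self.hits += 1
                # Remaining TTL comes from the expiry time, so it decrements
                return best[1], int(best[2] - now), best[0].prefixlen
        self.misses += 1
        return None


def demo():
    """Replay the thread's sequence against the model with a fake clock."""
    now = [1000]                           # constructed clock, seconds
    cache = EcsCache(lambda: now[0])
    name = "gp1.wpc.edgecastcdn.net."

    # 1) first query carries no ECS; its answer goes to the plain cache
    cache.store_plain(name, "72.21.81.253", 3600)
    # an ECS query must not be served from that entry: miss, resolve upstream
    first = cache.lookup(name, "110.232.0.0/24")
    # upstream answers for that client with scope /19
    cache.store_scoped(name, "117.18.232.133", 3600, "110.232.0.0/24", 19)

    # 2) nine seconds later the same ECS query is a hit with TTL 3591
    now[0] += 9
    second = cache.lookup(name, "110.232.0.0/24")
    # a client outside the /19 scope is still a miss
    other = cache.lookup(name, "203.0.113.0/24")
    # a query without ECS still gets the plain answer, also aged
    plain = cache.lookup(name)

    # 3) counters reflect the two hits and two misses above
    return first, second, other, plain, cache.hits, cache.misses


if __name__ == "__main__":
    print(demo())
```

Running the block prints `(None, ('117.18.232.133', 3591, 19), None, ('72.21.81.253', 3591, 0), 2, 2)`: the ECS query is not pinned by the earlier ECS-less answer, the TTL has dropped by the elapsed nine seconds, and the hit counter is non-zero.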
