Maintained by: NLnet Labs

[Unbound-users] EDNS client subnet tests

Eduardo Schoedler
Thu Apr 30 22:36:11 CEST 2015


Hi Yuri,

Now I got to compile and install it. Thanks.

Output from a query:

root at lin:~# dig-edns @127.0.0.1 google.com +client=179.x.x.0/24

; <<>> DiG 9.9.3-P2 <<>> @127.0.0.1 google.com +client=179.x.x.0/24
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63486
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 179.x.x.0/24/0 ******* <====
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             144     IN      A       201.x.x.226
google.com.             144     IN      A       201.x.x.212
google.com.             144     IN      A       201.x.x.236
google.com.             144     IN      A       201.x.x.231
google.com.             144     IN      A       201.x.x.217
google.com.             144     IN      A       201.x.x.221
google.com.             144     IN      A       201.x.x.227
google.com.             144     IN      A       201.x.x.232
google.com.             144     IN      A       201.x.x.237
google.com.             144     IN      A       201.x.x.251
google.com.             144     IN      A       201.x.x.241
google.com.             144     IN      A       201.x.x.216
google.com.             144     IN      A       201.x.x.246
google.com.             144     IN      A       201.x.x.222
google.com.             144     IN      A       201.x.x.247
google.com.             144     IN      A       201.x.x.242

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 30 17:21:16 BRT 2015
;; MSG SIZE  rcvd: 306


What parameters are available to configure in subnetcache module?

Thanks again.

--
Eduardo Schoedler





2015-04-30 5:10 GMT-03:00 Yuri Schaeffer <yuri at nlnetlabs.nl>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ah yes my bad. I broke the branch last Tuesday while updating the code
> to the latest trunk. Should be working now.
>
> //Yuri
>
> On 30-04-15 01:45, Eduardo Schoedler wrote:
>> Hi Yuri,
>>
>> Thanks.
>>
>> I'm trying to compile the edns-subnet from svn branch, I'm getting
>> errors:
>>
>> configure: Stripping extension flags... configure: creating
>> ./config.status config.status: creating Makefile config.status:
>> creating doc/example.conf config.status: creating doc/libunbound.3
>> config.status: creating doc/unbound.8 config.status: creating
>> doc/unbound-anchor.8 config.status: creating
>> doc/unbound-checkconf.8 config.status: creating doc/unbound.conf.5
>> config.status: creating doc/unbound-control.8 config.status:
>> creating doc/unbound-host.1 config.status: error: cannot find input
>> file: `smallapp/unbound-control-setup.sh.in'
>>
>> Copying file from trunk gives me other error:
>>
>> configure: Stripping extension flags... configure: creating
>> ./config.status config.status: creating Makefile config.status:
>> creating doc/example.conf config.status: creating doc/libunbound.3
>> config.status: creating doc/unbound.8 config.status: creating
>> doc/unbound-anchor.8 config.status: creating
>> doc/unbound-checkconf.8 config.status: creating doc/unbound.conf.5
>> config.status: creating doc/unbound-control.8 config.status:
>> creating doc/unbound-host.1 config.status: creating
>> smallapp/unbound-control-setup.sh config.status: error: cannot find
>> input file: `dnstap/dnstap_config.h.in'
>>
>> This time configure runs ok, but make not:
>>
>> # make make: *** No rule to make target `sldns/pkthdr.h', needed by
>> `dns.lo'.  Stop.
>>
>> What I'm doing wrong?
>>
>> Thanks.
>>
>>
>> 2015-04-29 17:06 GMT-03:00 Yuri Schaeffer <yuri at nlnetlabs.nl>:
>>>>> How can I know if I have edns-client-subnet support enabled
>>>>> in my dns recursor?
>>
>> You haven't. Unbound does not have official support for it. There
>> is an experimental branch in our svn repository though. It is not
>> quite stable yet and if you had used that you would not be asking
>> this question I suppose.
>>
>> In case you pulled that branch you should have passed
>> --enable-subnet to the configure script (check your config.log).
>> Your unbound.conf file should include: module-config: "subnetcache
>> validator iterator"
>>
>> //Yuri
>>
>>>>> I'm using Version 1.5.1 linked libs: libevent 2.0.21-stable
>>>>> (it uses epoll), OpenSSL 1.0.1f 6 Jan 2014 linked modules:
>>>>> dns64 validator iterator
>>>>>
>>>>> Thanks in advance.
>>>>>
>>> _______________________________________________ Unbound-users
>>> mailing list Unbound-users at unbound.net
>>> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>>
>>
>>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iEYEARECAAYFAlVB42kACgkQI3PTR4mhavgcagCgnSs/jvAkHLnB5KU2IiROv6c1
> 3JEAnjMEgFJPAlkv6Lu5VG4jCVloI6Md
> =GAI8
> -----END PGP SIGNATURE-----



-- 
Eduardo Schoedler