EDNS client subnet tests

Hi,

How can I know if I have edns-client-subnet support enabled in my dns recursor?

I'm using Version 1.5.1
linked libs: libevent 2.0.21-stable (it uses epoll), OpenSSL 1.0.1f 6 Jan 2014
linked modules: dns64 validator iterator

Thanks in advance.

> How can I know if I have edns-client-subnet support enabled in my
> dns recursor?

You haven't. Unbound does not have official support for it. There is
an experimental branch in our svn repository though. It is not quite
stable yet and if you had used that you would not be asking this
question I suppose.

In case you pulled that branch you should have passed --enable-subnet
to the configure script (check your config.log). Your unbound.conf
file should include:
  module-config: "subnetcache validator iterator"

//Yuri

Hi Yuri,

Thanks.

I'm trying to compile edns-subnet from the svn branch, but I'm getting errors:

configure: Stripping extension flags...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doc/example.conf
config.status: creating doc/libunbound.3
config.status: creating doc/unbound.8
config.status: creating doc/unbound-anchor.8
config.status: creating doc/unbound-checkconf.8
config.status: creating doc/unbound.conf.5
config.status: creating doc/unbound-control.8
config.status: creating doc/unbound-host.1
config.status: error: cannot find input file: `smallapp/unbound-control-setup.sh.in'

Copying the file from trunk gives me another error:

configure: Stripping extension flags...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doc/example.conf
config.status: creating doc/libunbound.3
config.status: creating doc/unbound.8
config.status: creating doc/unbound-anchor.8
config.status: creating doc/unbound-checkconf.8
config.status: creating doc/unbound.conf.5
config.status: creating doc/unbound-control.8
config.status: creating doc/unbound-host.1
config.status: creating smallapp/unbound-control-setup.sh
config.status: error: cannot find input file: `dnstap/dnstap_config.h.in'

This time configure runs OK, but make does not:

# make
make: *** No rule to make target `sldns/pkthdr.h', needed by `dns.lo'. Stop.

What am I doing wrong?

Thanks.

Ah yes my bad. I broke the branch last Tuesday while updating the code
to the latest trunk. Should be working now.

//Yuri

Hi Yuri,

Now I managed to compile and install it. Thanks.

Output from a query:

root@lin:~# dig-edns @127.0.0.1 google.com +client=179.x.x.0/24

; <<>> DiG 9.9.3-P2 <<>> @127.0.0.1 google.com +client=179.x.x.0/24
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63486
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 179.x.x.0/24/0 ******* <====
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 144 IN A 201.x.x.226
google.com. 144 IN A 201.x.x.212
google.com. 144 IN A 201.x.x.236
google.com. 144 IN A 201.x.x.231
google.com. 144 IN A 201.x.x.217
google.com. 144 IN A 201.x.x.221
google.com. 144 IN A 201.x.x.227
google.com. 144 IN A 201.x.x.232
google.com. 144 IN A 201.x.x.237
google.com. 144 IN A 201.x.x.251
google.com. 144 IN A 201.x.x.241
google.com. 144 IN A 201.x.x.216
google.com. 144 IN A 201.x.x.246
google.com. 144 IN A 201.x.x.222
google.com. 144 IN A 201.x.x.247
google.com. 144 IN A 201.x.x.242

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 30 17:21:16 BRT 2015
;; MSG SIZE rcvd: 306

What parameters are available to configure in the subnetcache module?

Thanks again.

> What parameters are available to configure in the subnetcache module?

send-client-subnet: <IP address>
Send client source address to this authority. Append /num to indicate
a classless delegation netblock, for example like 10.2.3.4/24 or
2001::11/64. Can be given multiple times. Authorities not listed will
not** receive edns-subnet information.

client-subnet-opcode: <number>
Specify positive integer smaller than 65536. Defaults to 8.

max-client-subnet-ipv6: <number>
Specifies the maximum prefix length of the client source address we
are willing to expose to third parties for IPv6. Defaults to 64.

max-client-subnet-ipv4: <number>
Specifies the maximum prefix length of the client source address we
are willing to expose to third parties for IPv4. Defaults to 24.

** Unless the client query includes the option.

//Yuri
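
The `CLIENT-SUBNET: .../24/0` line in the dig output and the `client-subnet-opcode` and `max-client-subnet-ipv4`/`-ipv6` options listed above map onto a small wire format. The Python below is an added example, not Unbound's code and not from this thread: it assumes the RFC 7871 option layout, and the function names and the sample address are made up for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8          # same value as the client-subnet-opcode default above
MAX_PREFIX = {4: 24, 6: 64}  # same values as the max-client-subnet-ipv4/-ipv6 defaults


def build_ecs_option(client_ip, requested_prefix=None, max_prefix=MAX_PREFIX):
    """Return the EDNS option (code, length, data) for a client address,
    never exposing more bits than max_prefix allows (hypothetical helper)."""
    addr = ipaddress.ip_address(client_ip)
    limit = max_prefix[addr.version]
    prefix = limit if requested_prefix is None else min(requested_prefix, limit)
    family = 1 if addr.version == 4 else 2          # IANA address family number
    # Zero every bit past the prefix, then keep only the bytes that carry it.
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    addr_bytes = net.network_address.packed[: (prefix + 7) // 8]
    data = struct.pack("!HBB", family, prefix, 0) + addr_bytes  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def parse_ecs_option(wire):
    """Decode an ECS option into dig's 'address/source/scope' notation."""
    code, length = struct.unpack("!HH", wire[:4])
    if code != ECS_OPTION_CODE or length != len(wire) - 4 or length < 4:
        raise ValueError("not a well-formed client-subnet option")
    family, source, scope = struct.unpack("!HBB", wire[4:8])
    size = {1: 4, 2: 16}.get(family)
    if size is None or source > size * 8:
        raise ValueError("bad family or prefix length")
    raw = wire[8:]
    if len(raw) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    addr = ipaddress.ip_address(raw + bytes(size - len(raw)))
    # Bits beyond the source prefix must be zero; otherwise host bits leak.
    if int(addr) & ((1 << (size * 8 - source)) - 1):
        raise ValueError("non-zero bits beyond source prefix")
    return f"{addr}/{source}/{scope}"


if __name__ == "__main__":
    # Constructed sample address from the documentation range 198.51.100.0/24.
    opt = build_ecs_option("198.51.100.77", requested_prefix=32)
    print(opt.hex(), parse_ecs_option(opt))
```

Running a resolver's outgoing queries through a decoder like `parse_ecs_option` is one way to confirm that no prefix longer than the configured maximum leaves the network.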