On 7/31/19 9:47 PM, Brian Sullivan wrote: > Sure let me put something together with some generic data and send you the > trace. By the way, could you send me the rule you used? I tried a few known > EDNS Options and those did not work for me either. There isn't anything > that I need to enable for this to work?
I tested with: addAction(EDNSOptionRule(10), DropAction()) and confirmed with dig that a query with a cookie is blocked, while a query without any cookie is allowed. I also tested a query with no cookie but with an EDNS Client Subnet option and this one was allowed as well. Note that we also have a regression test that checks that a query with an EDNS Client Subnet option is dropped instead: https://github.com/PowerDNS/pdns/blob/master/regression-tests.dnsdist/test_Advanced.py#L1536 > Depending on timing I may not get to this before Friday my time. Understood, thank you! Remi > On Wed, Jul 31, 2019 at 3:36 PM Remi Gacogne <remi.gaco...@powerdns.com> > wrote: > >> Hi Brian, >> >> On 7/31/19 6:57 PM, Brian Sullivan wrote: >>> I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are >>> using a local/experimental optcode. For example, I have the following in >>> the dnsdist.conf file. >>> >>> addAction(EDNSOptionRule(65002), DropAction()) >>> >>> and I see the rule in the webserver. >>> >>> [image: Screen Shot 2019-07-31 at 12.47.10 PM.png] >>> >>> and I sent a query with the ENDS Option and it doesn't get dropped. I >> know >>> this because I have a Lua script associated with the pdns recursor that >> is >>> processing that specific option. >>> >>> lua snippit >>> -- Special Code is in EDNS Option 65002 >>> local specialcode = dq:getEDNSOption(65002) >>> if (specialcode) then >>> pdnslog("*************************** Special Code = >> "..specialcode) >>> end >>> >>> Log file Output >>> *************************** Special Code = BLAH >>> >>> Any idea on what is going on? >> >> Would you be able to share a capture of the query, or at least some way >> we can reproduce the issue? I did a quick test -albeit with a different >> option- and it worked correctly so I'm assuming I'm not exercising the >> same code path that you are. >> >> Best regards, >> -- >> Remi Gacogne >> PowerDNS.COM BV - https://www.powerdns.com/ >> >> _______________________________________________ >> dnsdist mailing list >> dnsdist@mailman.powerdns.com >> https://mailman.powerdns.com/mailman/listinfo/dnsdist >> > > -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist