Hello Niklas, On Aug 9, 2012, at 23:50 , Niklas wrote:
> It appears I am not the only one who seeks clarification on the edns > issue. Like [1] and [2] I found there is an option disable-edns in the > recursor.conf and even a counter for outgoing edns queries exists: > noedns-outqueries (found it with rec_controll get-all) > > Still when I enable this on the recursor, the queries getting to the > resolver omit the real remote ip. Instead they contain the IP of the > ISP DNS twice. Not only that, but queries already containing a edns > part appear to be reformatted too. EDNS is a generic extension mechanism; edns-subnet is a specific use of that mechanism. The recursor has some EDNS support but no edns-subnet support. > Requests send with dig + edns client subnet plugin > > a) directly > -> Q xxx.abc IN SOA -1 10.0.0.109 10.0.1.4 > 10.0.1.13/32 auth+pipe picking up your edns-subnet data. > b) via the recursor > -> Q yyy.abc IN SOA -1 10.0.1.12 10.0.1.4 > 10.0.1.12/32 Recursor is not passing on edns-subnet data as it simply does not support doing so. Auth is passing the pipebackend the recursor IP as the realRemote as it has nothing better. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
