
[public-dns-discuss] using 'dig @8.8.8.8 +subnet', edns0-client-subnet not working



Hi. We are planning to set up a forwarder name server which delegates clients' DNS queries to 8.8.8.8.
I suppose, using EDNS0-client-subnet, the DNS query can take the client source IP with it to get to 8.8.8.8 and get tailored responses back;
but 8.8.8.8 does not seem to take my ECS option.

I dig at 
- 8.8.8.8
- DYN public dns (216.146.35.35) 
- my authority name server (vip1.alidns.com.)

8.8.8.8 seems to not take my ECS option, while the other two responded as expected.

Is there any ECS conformity issue on my authority DNS service provider that leads to this? 
I notice there is /0 scope mask in the response from 8.8.8.8 while the other two have /27. 

Thanks for your kind help.

[gezhaozhi@bogon:/Users/gezhaozhi]
$dig www.bytedancer.club. +subnet=212.118.241.33 @8.8.8.8


; <<>> DiG 9.10.6 <<>> www.bytedancer.club. +subnet=212.118.241.33 @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46396
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 212.118.241.33/32/0
;; QUESTION SECTION:
;www.bytedancer.club. IN A


;; ANSWER SECTION:
www.bytedancer.club. 599 IN A 9.9.9.9


;; Query time: 444 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Oct 16 20:11:15 CST 2018
;; MSG SIZE  rcvd: 76




[gezhaozhi@bogon:/Users/gezhaozhi]
$dig www.bytedancer.club. +subnet=212.118.241.33 @216.146.35.35


; <<>> DiG 9.10.6 <<>> www.bytedancer.club. +subnet=212.118.241.33 @216.146.35.35
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28404
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1480
; CLIENT-SUBNET: 212.118.241.33/32/24
;; QUESTION SECTION:
;www.bytedancer.club. IN A


;; ANSWER SECTION:
www.bytedancer.club. 600 IN A 7.7.7.7


;; Query time: 388 msec
;; SERVER: 216.146.35.35#53(216.146.35.35)
;; WHEN: Tue Oct 16 20:11:23 CST 2018
;; MSG SIZE  rcvd: 76




[gezhaozhi@bogon:/Users/gezhaozhi]
$dig www.bytedancer.club. +subnet=212.118.241.33 @vip1.alidns.com.


; <<>> DiG 9.10.6 <<>> www.bytedancer.club. +subnet=212.118.241.33 @vip1.alidns.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13743
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 212.118.241.33/32/24
;; QUESTION SECTION:
;www.bytedancer.club. IN A


;; ANSWER SECTION:
www.bytedancer.club. 600 IN A 7.7.7.7


;; Query time: 35 msec
;; SERVER: 140.205.1.1#53(140.205.1.1)
;; WHEN: Tue Oct 16 20:12:07 CST 2018
;; MSG SIZE  rcvd: 76

my setting on authority name service provider:
www.bytedancer.club -> 7.7.7.7, for clients from Europe
www.bytedancer.club -> 8.8.8.8, for clients from North America
www.bytedancer.club -> 9.9.9.9, for other geolocation

212.118.241.33 is an IP located in England. Using +subnet=204.117.214.10 (North America) to repeat the former 3 tests, we can still see 8.8.8.8 not taking the ECS option.
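
For readers comparing the CLIENT-SUBNET lines above, the following is an added example (not part of the original post) that encodes and decodes the EDNS0 Client Subnet option in the RFC 7871 wire layout and renders it the way dig does, as address/source/scope. The function names are hypothetical, and the sample options are constructed from the address used in the post.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8              # EDNS0 option code for Client Subnet (RFC 7871)
FAMILY = {4: 1, 6: 2}            # IP version -> ECS FAMILY value
ADDR_BYTES = {1: 4, 2: 16}       # ECS FAMILY value -> full address length


def encode_ecs(subnet: str, scope_len: int = 0) -> bytes:
    """Build the option as carried in OPT RDATA: code, length, payload."""
    net = ipaddress.ip_network(subnet, strict=False)
    nbytes = (net.prefixlen + 7) // 8   # address is truncated to the source prefix
    addr = net.network_address.packed[:nbytes]
    payload = struct.pack("!HBB", FAMILY[net.version], net.prefixlen, scope_len) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def decode_ecs(option: bytes) -> dict:
    """Parse one ECS option and check that its length fields are consistent."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    payload = option[4:]
    if code != ECS_OPTION_CODE or length != len(payload):
        raise ValueError("not a well-formed ECS option")
    family, source_len, scope_len = struct.unpack("!HBB", payload[:4])
    total = ADDR_BYTES.get(family)
    if total is None:
        raise ValueError("unknown address family")
    addr = payload[4:]
    if source_len > total * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("address length does not match source prefix")
    address = ipaddress.ip_address(addr + bytes(total - len(addr)))
    return {"address": str(address), "source": source_len, "scope": scope_len}


def describe(ecs: dict) -> str:
    """Render like dig (address/source/scope) and interpret the scope."""
    text = "{address}/{source}/{scope}".format(**ecs)
    if ecs["scope"] == 0:
        return text + ": answer not tailored to the client subnet"
    return text + ": answer valid for the /%d containing the client" % ecs["scope"]


if __name__ == "__main__":
    # Constructed response options: same query subnet, scope 0 and scope 24.
    for scope in (0, 24):
        print(describe(decode_ecs(encode_ecs("212.118.241.33/32", scope))))
```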
