Discussion:
[Unbound-users] EDNS client subnet tests
Eduardo Schoedler
2015-04-29 18:16:12 UTC
Hi,

How can I know if I have edns-client-subnet support enabled in my dns recursor?

I'm using Version 1.5.1
linked libs: libevent 2.0.21-stable (it uses epoll), OpenSSL 1.0.1f 6 Jan 2014
linked modules: dns64 validator iterator

Thanks in advance.
--
Eduardo Schoedler
Yuri Schaeffer
2015-04-29 20:06:50 UTC
Post by Eduardo Schoedler
How can I know if I have edns-client-subnet support enabled in my dns recursor?
You haven't. Unbound does not have official support for it. There is
an experimental branch in our svn repository though. It is not quite
stable yet and if you had used that you would not be asking this
question I suppose.

In case you pulled that branch you should have passed --enable-subnet
to the configure script (check your config.log). Your unbound.conf
file should include:
module-config: "subnetcache validator iterator"

//Yuri
Eduardo Schoedler
2015-04-29 23:45:26 UTC
Hi Yuri,

Thanks.

I'm trying to compile edns-subnet from the svn branch, and I'm getting errors:

configure: Stripping extension flags...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doc/example.conf
config.status: creating doc/libunbound.3
config.status: creating doc/unbound.8
config.status: creating doc/unbound-anchor.8
config.status: creating doc/unbound-checkconf.8
config.status: creating doc/unbound.conf.5
config.status: creating doc/unbound-control.8
config.status: creating doc/unbound-host.1
config.status: error: cannot find input file: `smallapp/unbound-control-setup.sh.in'

Copying the file from trunk gives me another error:

configure: Stripping extension flags...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doc/example.conf
config.status: creating doc/libunbound.3
config.status: creating doc/unbound.8
config.status: creating doc/unbound-anchor.8
config.status: creating doc/unbound-checkconf.8
config.status: creating doc/unbound.conf.5
config.status: creating doc/unbound-control.8
config.status: creating doc/unbound-host.1
config.status: creating smallapp/unbound-control-setup.sh
config.status: error: cannot find input file: `dnstap/dnstap_config.h.in'

This time configure runs OK, but make does not:

# make
make: *** No rule to make target `sldns/pkthdr.h', needed by `dns.lo'. Stop.

What am I doing wrong?

Thanks.
--
Eduardo Schoedler
Yuri Schaeffer
2015-04-30 08:10:17 UTC
Ah yes my bad. I broke the branch last Tuesday while updating the code
to the latest trunk. Should be working now.

//Yuri
Eduardo Schoedler
2015-04-30 20:36:11 UTC
Hi Yuri,

Now I got to compile and install it. Thanks.

Output from a query:

***@lin:~# dig-edns @127.0.0.1 google.com +client=179.x.x.0/24

; <<>> DiG 9.9.3-P2 <<>> @127.0.0.1 google.com +client=179.x.x.0/24
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63486
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 179.x.x.0/24/0 ******* <====
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 144 IN A 201.x.x.226
google.com. 144 IN A 201.x.x.212
google.com. 144 IN A 201.x.x.236
google.com. 144 IN A 201.x.x.231
google.com. 144 IN A 201.x.x.217
google.com. 144 IN A 201.x.x.221
google.com. 144 IN A 201.x.x.227
google.com. 144 IN A 201.x.x.232
google.com. 144 IN A 201.x.x.237
google.com. 144 IN A 201.x.x.251
google.com. 144 IN A 201.x.x.241
google.com. 144 IN A 201.x.x.216
google.com. 144 IN A 201.x.x.246
google.com. 144 IN A 201.x.x.222
google.com. 144 IN A 201.x.x.247
google.com. 144 IN A 201.x.x.242

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 30 17:21:16 BRT 2015
;; MSG SIZE rcvd: 306


What parameters are available to configure in subnetcache module?

Thanks again.

--
Eduardo Schoedler
Yuri Schaeffer
2015-05-01 08:17:37 UTC
Post by Eduardo Schoedler
What parameters are available to configure in subnetcache module?
send-client-subnet: <IP address>
Send client source address to this authority. Append /num to indicate
a classless delegation netblock, for example like 10.2.3.4/24 or
2001::11/64. Can be given multiple times. Authorities not listed will
not** receive edns-subnet information.

client-subnet-opcode: <number>
Specify positive integer smaller than 65536. Defaults to 8.

max-client-subnet-ipv6: <number>
Specifies the maximum prefix length of the client source address we
are willing to expose to third parties for IPv6. Defaults to 64.

max-client-subnet-ipv4: <number>
Specifies the maximum prefix length of the client source address we
are willing to expose to third parties for IPv4. Defaults to 24.


** Unless the client query includes the option.

//Yuri
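
An added example, not code from Unbound or from either poster: a Python encoder and decoder for the client-subnet option on the wire, using the defaults listed above (option code 8, maximum prefixes /24 for IPv4 and /64 for IPv6). The layout is the one standardised in RFC 7871; the function names and the sample address are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8           # client-subnet-opcode default quoted in the post
MAX_PREFIX = {4: 24, 6: 64}   # max-client-subnet-ipv4 / -ipv6 defaults
FAMILY = {4: 1, 6: 2}         # address family numbers: 1 = IPv4, 2 = IPv6
NETWORK = {1: ipaddress.IPv4Network, 2: ipaddress.IPv6Network}


def build_ecs_option(client_ip, requested_prefix=None, limits=MAX_PREFIX):
    """Option bytes a resolver would send upstream on behalf of client_ip.

    The prefix is clamped to the configured maximum, so no more of the
    client address than the operator allows leaves the resolver.
    """
    addr = ipaddress.ip_address(client_ip)
    limit = limits[addr.version]
    prefix = limit if requested_prefix is None else min(requested_prefix, limit)
    # Zero every bit past the prefix, then keep only the bytes that are needed.
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    addr_bytes = net.network_address.packed[: (prefix + 7) // 8]
    payload = struct.pack("!HBB", FAMILY[addr.version], prefix, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def parse_ecs_option(option):
    """Decode option bytes into (network, scope_prefix); reject malformed input."""
    if len(option) < 8:
        raise ValueError("truncated option")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed client-subnet option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    if family not in NETWORK:
        raise ValueError("unknown address family")
    size = 4 if family == 1 else 16
    addr_bytes = option[8:]
    if source > size * 8 or len(addr_bytes) != (source + 7) // 8:
        raise ValueError("address length does not match prefix")
    # strict=True rejects set bits beyond the prefix, which would leak more
    # of the client address than the option declares.
    net = NETWORK[family]((addr_bytes + bytes(size - len(addr_bytes)), source), strict=True)
    return net, scope


if __name__ == "__main__":
    # Constructed sample: a client in TEST-NET-3 that asks for a /32.
    wire = build_ecs_option("203.0.113.77", requested_prefix=32)
    print(wire.hex(), parse_ecs_option(wire))
```

The `179.x.x.0/24/0` that dig printed earlier in the thread is the same triple: address, source prefix 24, scope prefix 0.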
