search

PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0
3.7k stars 908 forks source link

geobackend(EDNS) doesn't seem to work correctly #1718

Closed muzuco closed 10 years ago

muzuco commented 10 years ago

I tested pdns Authoritative server to check EDNS is working. But It seems to not working.

I did

  1. Install pdns Authoritative server v3.4.0 by using "yum" commend. (I referred http://www.monshouwer.eu/download/3rd_party/pdns/git/el6/)
  2. Install pdns-backend-geo by using "yum"
  3. Change /etc/pdns/pdns.conf edns-subnet-processing=yes
  4. Change the firewall to accept packets that exceed 512 bytes.

And, I tested. (I reffered https://www.dns-oarc.net/oarc/services/replysizetest)

test : dig +short rs.dns-oarc.net txt @111.111.111.111 (111.111.111.111 is Authoritative server IP)

result : rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. "222.122.135.16 DNS reply size limit is at least 490" "222.122.135.16 lacks EDNS, defaults to 512" "Tested at 2014-09-17 07:49:55 UTC"

It means EDNS is not working. The correct result is rst.x1002.rs.dns-oarc.net. rst.x1222.x1002.rs.dns-oarc.net. rst.x1403.x1222.x1002.rs.dns-oarc.net. "168.126.63.17 sent EDNS buffer size 4096" "168.126.63.17 DNS reply size limit is at least 1403" "Tested at 2014-09-17 07:46:26 UTC"

Habbie commented 10 years ago

You are testing EDNS support in your recursor at 111.111.111.111 (which means pdns_server is not what is running there), or in whatever you put in recursor= in your pdns.conf. You are not testing the pdns auth/geobackend EDNS capability. Closing ticket.

muzuco commented 10 years ago

Thank you for reply. I removed my recursor and I want to check my authoritative server supports EDNS in other way.

Now, I have 2 dns servers. One is an authoritative pdns server(It is using a geo backend) and another is a window dns server. The window dns server is a resolver.
And I have 2 clients. One is in Korea and another is in US. 2 client's resolver is a window dns server. So when clients query "www.example.org", resolver will pass this query to pdns server. And pdns server will return a "A" record according to client's region if EDNS is working.(This is my goal.) Resolver supports EDNS and also its firewall was changed to accept over 512 bytes. But It always return a "A" record according to resolver's region. How could I fix it?

Habbie commented 10 years ago

Please ask your question on IRC or the pdns-users mailing list. We are happy to help you there!

On 17 September 2014 10:56:52 CEST, muzuco notifications@github.com wrote:

Thank you for reply. I removed my recursor and I want to check my authoritative server supports EDNS in other way.

Now, I have 2 dns servers. One is an authoritative pdns server(It is using a geo backend) and another is a window dns server. The window dns server is a resolver.
And I have 2 clients. One is in Korea and another is in US. 2 client's resolver is a window dns server. So when clients query "www.example.org", resolver will pass this query to pdns server. And pdns server will return a "A" record according to client's region if EDNS is working.(This is my goal.) Resolver supports EDNS and also its firewall was changed to accept over 512 bytes. But It always return a "A" record according to resolver's region. How could I fix it?

Reply to this email directly or view it on GitHub: https://github.com/PowerDNS/pdns/issues/1718#issuecomment-55866492

Sent from my Android phone with K-9 Mail. Please excuse my brevity.