[dns-operations] Testing edns client subnet

Albert Braden abraden at about.com
Fri Dec 9 23:24:07 UTC 2016


I am curious about how edns client subnet works, and I wanted to see it in action, so I set up a geo-routed A record test.abote.com, and two BIND 9.11.0-P1 recursive resolvers in different geographic regions. If I pull test.abote.com from different places using 8.8.8.8 as a resolver, I get the IP appropriate to the client's location. If I explicitly send a subnet to my recursive resolver using +subnet= then I get a reply appropriate to the subnet provided. If I query my recursive servers without explicitly sending client subnet information, I get the IP appropriate to the resolver's location. If I run tcpdump on my recursive resolver and query it without explicitly sending subnet information, I do not see it sending any client subnet information.

What is required for a recursive resolver to send client subnet information to the auth. server when it is not explicitly provided by the client? Do I need to set up anything in the config? Are any compile options required?
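An added example, not part of the original post: a Python sketch of the check the tcpdump step performs, walking a DNS message's OPT record for the EDNS Client Subnet option (code 8, RFC 7871) and reporting the subnet it carries. The helper names and the sample subnet 203.0.113.0/24 are constructed for illustration; `build_query` stands in for a captured UDP payload.

```python
import ipaddress
import struct

ECS, OPT = 8, 41  # EDNS option code for client subnet (RFC 7871); OPT RR type (RFC 6891)

def build_query(name, subnet=None):
    """Constructed A query with an OPT RR; carries ECS only when subnet is given."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN
    rdata = b""
    if subnet is not None:
        net = ipaddress.ip_network(subnet)
        # ECS sends only the bytes covered by the source prefix length
        addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
        body = struct.pack("!HBB", 1 if net.version == 4 else 2, net.prefixlen, 0) + addr
        rdata = struct.pack("!HH", ECS, len(body)) + body
    # OPT RR: root name, type 41, class = UDP size, ttl = flags, then options
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, len(rdata)) + rdata

def skip_name(pkt, off):
    """Offset just past a domain name, allowing a compression pointer."""
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:
        off += 1 + pkt[off]
    return off + (2 if pkt[off] else 1)

def find_ecs(pkt):
    """Return (subnet, scope_prefix_len) from a DNS message, or None if no ECS."""
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rrtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rrtype == OPT and pos + 4 <= len(rdata):
            code, optlen = struct.unpack("!HH", rdata[pos:pos + 4])
            body, pos = rdata[pos + 4:pos + 4 + optlen], pos + 4 + optlen
            if code == ECS and len(body) >= 4:
                family, source, scope = struct.unpack("!HBB", body[:4])
                size = 4 if family == 1 else 16
                addr = body[4:].ljust(size, b"\x00")[:size]  # re-pad truncated address
                return f"{ipaddress.ip_address(addr)}/{source}", scope
    return None
```

A result of `None` from `find_ecs` on the resolver's outbound query corresponds to the tcpdump observation in the post: the OPT record is present but carries no client subnet option.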