[dns-operations] EDNS client subnet authoritative server implementation

John Kristoff jtk at depaul.edu
Fri Feb 9 02:53:41 UTC 2018


I'm interested in utilizing a DNS authoritative server implementation
that provides at least some support for the EDNS client subnet option
(IETF RFC 7871).

For now I just need an implementation that will signal to Google
resolvers that it supports the feature without too much effort on my
part if that is possible. Ideally I'd also like the software to be able
to log the received client subnet values along with the other
traditional query detail (e.g. query address, name, class).

BIND seems to do at least the logging part, but I'm not sure if they
will be compatible with Google.  In a recent ARM they have this note:

  The authoritative ECS implementation in named is based on an early
  version of the specification, and is known to have incompatibilities
  with other implementations.

This sounds like it might not work for me.  Anyone know differently?

It looks like this might be available in PowerDNS, but maybe only with
the pipe back end, which may work fine in my case.  Has anyone used
PowerDNS for auth edns client subnet handling and can confirm or show an
example config/pipe/setup that gets them client subnet data from Google

Pointers to other solutions would be welcome as well.

Thank you,


More information about the dns-operations mailing list