[dns-operations] EDNS client subnet authoritative server implementation

Evan Hunt each at isc.org
Fri Feb 9 18:38:22 UTC 2018


On Fri, Feb 09, 2018 at 03:26:21PM +0100, Stefan Schmidt wrote:
> > In a recent ARM they have this note:
> > 
> >   The authoritative ECS implementation in named is based on an early
> >   version of the specification, and is known to have incompatibilities
> >   with other implementations.
> > 
> > This sounds like it might not work for me.  Anyone know differently?
> 
> It might just be the EDNS0 Option Code value, IIRC Google and 
> OpenDNS used a preliminary option code.

No, it's more complicated than that. Returned scope values aren't always
correct, because we followed an early version of the draft and things
changed later.  Also subnets aren't properly deduplicated, and the
method used for configuring different responses depending on ECS values
isn't scalable - it involves configuring lots of different views, with
full copies of the zones for each view. It was really only included for
experimental testing purposes and I wouldn't recommend using it in
production for authoritative ECS responses. We have some work lined
up to improve this on the margins, but even then it probably wouldn't
be something you'd want to deploy.

It sounds as if you're more interested in the recursive side of ECS,
though.  We do have a spec-compliant implementation of that.  For the
moment, however, it's in a branch that's only accessible to support
customers, so I have to point you to https://www.isc.org/support/ for
further information.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
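
Added example, not part of the original message and not ISC's code: a check of the ECS option in an authoritative response against the one sent in the query, showing how the returned scope value decides which clients a resolver may reuse the answer for under RFC 7871. The function names and the sample subnet are assumptions made for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # option code assigned in RFC 7871
FAMILIES = {1: (ipaddress.IPv4Network, 32), 2: (ipaddress.IPv6Network, 128)}

def parse_ecs(option: bytes) -> dict:
    """Parse and validate one EDNS0 option in wire form as an ECS option."""
    if len(option) < 8:
        raise ValueError("too short for an ECS option")
    code, length, family, source, scope = struct.unpack("!HHHBB", option[:8])
    if code != ECS_OPTION_CODE:
        raise ValueError(f"option code {code} is not {ECS_OPTION_CODE}")
    if length != len(option) - 4:
        raise ValueError("OPTION-LENGTH does not match the data")
    if family not in FAMILIES:
        raise ValueError(f"unsupported FAMILY {family}")
    net_cls, bits = FAMILIES[family]
    if source > bits or scope > bits:
        raise ValueError("prefix length exceeds the address size")
    addr = option[8:]
    if len(addr) != (source + 7) // 8:
        raise ValueError("ADDRESS is not truncated to SOURCE PREFIX-LENGTH")
    padded = addr.ljust(bits // 8, b"\x00")
    if int.from_bytes(padded, "big") & ((1 << (bits - source)) - 1):
        raise ValueError("non-zero bits after the source prefix")
    return {"family": family, "scope": scope, "net": net_cls((padded, source))}

def cache_network(query_opt: bytes, response_opt: bytes):
    """Return the network a resolver may reuse the answer for."""
    q, r = parse_ecs(query_opt), parse_ecs(response_opt)
    if q["scope"] != 0:
        raise ValueError("SCOPE PREFIX-LENGTH must be 0 in a query")
    if (q["family"], q["net"]) != (r["family"], r["net"]):
        raise ValueError("response does not echo the query's subnet; drop it")
    # A scope longer than the source is cached at the source length.
    scope = min(r["scope"], q["net"].prefixlen)
    return q["net"].supernet(new_prefix=scope)

def build_ecs(family: int, source: int, scope: int, addr: bytes) -> bytes:
    """Encode an ECS option; used here only to construct sample input."""
    data = struct.pack("!HBB", family, source, scope) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data

# Constructed sample: a query for 192.0.2.0/24 and two possible replies.
QUERY = build_ecs(1, 24, 0, bytes([192, 0, 2]))
REPLY_WIDE = build_ecs(1, 24, 16, bytes([192, 0, 2]))
REPLY_NARROW = build_ecs(1, 24, 32, bytes([192, 0, 2]))
```

A scope that is too short (the /16 reply) widens the set of clients that receive a cached answer tailored to one /24, which is why incorrect scope values matter to resolver operators.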


