REG: configuring BIND to respond with EDNS client subnet option

[Ramachandra Kasyap Marmavula]

Hi,

Request for some help with configuring a BIND DNS server to respond with EDNS0 client subnet option. I am using the enhanced 'dig' utility available with the BIND distribution to generate DNS queries with the EDNS0 client subnet option. I compiled bind with GeoIP and I am trying to use views to to define the list of IP subnets. Sample configuration from named.conf:

acl "IN" {

        1.6.0.0/15;

        1.22.0.0/15;

        1.38.0.0/15;

        103.24.201.0/24;

};

view "EDNS" {

         match-clients { IN; };

                zone "ecs.test" {

                type master;

                file "/etc/named/zones/myzone.tld.conf";

        };

}

When I send a DNS query with EDNS client subnet option, the server returns a response without the ECS option (indicating that it doesn't support this option). Is there some other configuration that I have to enable in named.conf to get this to work?

Thanks & Regards,

Ramachandra Kasyap

[Mukund Sivaraman]

Hi Ramachandra

Which version of BIND are you using? Authoritative side support for
client-subnet is only available in the master branch (and the 9.11 alpha
release so far). It has not been released in any stable releases and is
not a part of BIND 9.10 or 9.9.

Mukund

[Ramachandra Kasyap Marmavula]

Hi Mukund,

I recall reading that ECS is supported when BIND acts as authoritative server, but there is no support in resolver mode (tried unsuccessfully to find the exact link). Thanks for clarifying. I am using BIND 9.10 and shall switch to using the 9.11 alpha release.

Regards,

Ramachandra Kasyap