<div dir="ltr">Hi Yuri,<div><br></div><div>I've done a bit of testing with this and found a few issues.</div><div><br></div><div>1) The returned record does not update based on geoip when using different subnets. This happens only when the first request for a given name does not have a client subnet passed with it:</div>
<div><div><br></div><div>root@dnsr001:~/src/edns-subnet# /EdgeCast/ecdns/bin/dig_iana +ttl @localhost <a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a> </div><div><br></div><div>; <<>> DiG 9.9.3-P1 <<>> +ttl @localhost <a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a></div>
<div>; (2 servers found)</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43765</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</div>
<div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>;; QUESTION SECTION:</div><div>;<a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a>.<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>A</div>
<div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a>. 3600<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>A<span class="" style="white-space:pre"> </span>72.21.81.253</div>
<div><br></div><div>;; Query time: 7 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Fri May 02 19:48:02 UTC 2014</div><div>;; MSG SIZE rcvd: 68</div><div><br></div><div>root@dnsr001:~/src/edns-subnet# cd util/data/^C</div>
<div>root@dnsr001:~/src/edns-subnet# /EdgeCast/ecdns/bin/dig_iana +ttl @localhost <a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a> +client=<a href="http://110.232.0.0/24">110.232.0.0/24</a></div><div>
<br></div><div>; <<>> DiG 9.9.3-P1 <<>> +ttl @localhost <a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a> +client=<a href="http://110.232.0.0/24">110.232.0.0/24</a></div><div>; (2 servers found)</div>
<div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21321</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</div><div>
<br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>; CLIENT-SUBNET: <a href="http://110.232.0.0/24/0">110.232.0.0/24/0</a></div><div>;; QUESTION SECTION:</div><div>;<a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a>.<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>A</div>
<div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a>. 3591<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>A<span class="" style="white-space:pre"> </span>72.21.81.253</div>
<div><br></div><div>;; Query time: 1 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Fri May 02 19:48:11 UTC 2014</div><div>;; MSG SIZE rcvd: 79</div></div><div><div><br></div><div>root@dnsr001:~/src/edns-subnet# unbound-control flush <a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a></div>
<div>ok</div><div><br></div><div>root@dnsr001:~/src/edns-subnet# /EdgeCast/ecdns/bin/dig_iana +ttl @localhost <a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a> +client=<a href="http://110.232.0.0/24">110.232.0.0/24</a></div>
<div><br></div><div>; <<>> DiG 9.9.3-P1 <<>> +ttl @localhost <a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a> +client=<a href="http://110.232.0.0/24">110.232.0.0/24</a></div><div>
; (2 servers found)</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36195</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</div>
<div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>; CLIENT-SUBNET: <a href="http://110.232.0.0/24/19">110.232.0.0/24/19</a></div><div>;; QUESTION SECTION:</div><div>;<a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a>.<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>A</div>
<div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://gp1.wpc.edgecastcdn.net">gp1.wpc.edgecastcdn.net</a>. 3600<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>A<span class="" style="white-space:pre"> </span>117.18.232.133</div>
<div><br></div><div>;; Query time: 3 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Fri May 02 19:48:56 UTC 2014</div><div>;; MSG SIZE rcvd: 79</div></div><div><br></div><div><br></div><div><br></div>
<div>2) The TTL returned when edns-subnet is passed does not change over time:</div><div><br></div><div>At one point I had a working patch to fix this issue; however, I am unable to find the whole patch at this time. I do have a small patch that sets the correct ttl in the reply from edns-subnet/subnetmod.c to utils/data/msgreply.c; however, I'm missing the msgreply.c piece that correctly sets the response. (See attached patch for the first part.) I believe this is happening because the cache tree for client-subnets is different from the standard cache tree.</div>
<div><br></div><div><div>root@dnsr001:~/src/edns-subnet# date; /EdgeCast/ecdns/bin/dig_iana @localhost <a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a> +client=<a href="http://110.232.0.0/24" target="_blank">110.232.0.0/24</a></div>
<div>Fri May 2 16:23:20 UTC 2014</div><div><br></div><div>; <<>> DiG 9.9.3-P1 <<>> @localhost <a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a> +client=<a href="http://110.232.0.0/24" target="_blank">110.232.0.0/24</a></div>
<div>; (2 servers found)</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33335</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</div>
<div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>; CLIENT-SUBNET: <a href="http://110.232.0.0/24/19" target="_blank">110.232.0.0/24/19</a></div><div>;; QUESTION SECTION:</div>
<div>;<a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a>.<span style="white-space:pre-wrap"> </span>IN<span style="white-space:pre-wrap"> </span>A</div>
<div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a>. 3600<span style="white-space:pre-wrap"> </span>IN<span style="white-space:pre-wrap"> </span>A<span style="white-space:pre-wrap"> </span>117.18.232.133</div>
<div><br></div><div>;; Query time: 3 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Fri May 02 16:23:20 UTC 2014</div><div>;; MSG SIZE rcvd: 79</div><div><br></div><div>root@dnsr001:~/src/edns-subnet# date; /EdgeCast/ecdns/bin/dig_iana @localhost <a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a> +client=<a href="http://110.232.0.0/24" target="_blank">110.232.0.0/24</a></div>
<div>Fri May 2 16:29:49 UTC 2014</div><div><br></div><div>; <<>> DiG 9.9.3-P1 <<>> @localhost <a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a> +client=<a href="http://110.232.0.0/24" target="_blank">110.232.0.0/24</a></div>
<div>; (2 servers found)</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17943</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</div>
<div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>; CLIENT-SUBNET: <a href="http://110.232.0.0/24/19" target="_blank">110.232.0.0/24/19</a></div><div>;; QUESTION SECTION:</div>
<div>;<a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a>.<span style="white-space:pre-wrap"> </span>IN<span style="white-space:pre-wrap"> </span>A</div>
<div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a>. 3600<span style="white-space:pre-wrap"> </span>IN<span style="white-space:pre-wrap"> </span>A<span style="white-space:pre-wrap"> </span>117.18.232.133</div>
<div><br></div><div>;; Query time: 0 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Fri May 02 16:29:49 UTC 2014</div><div>;; MSG SIZE rcvd: 79</div></div><div><br></div><div>3) unbound-control marks all edns-subnet hits as misses:</div>
<div><div>root@dnsr001:~/src/edns-subnet# unbound-control stats_noreset</div><div>thread0.num.queries=5</div><div>thread0.num.cachehits=0</div><div>thread0.num.cachemiss=5</div><div>thread0.num.prefetch=0</div><div>thread0.num.recursivereplies=5</div>
<div>thread0.requestlist.avg=0</div><div>thread0.requestlist.max=0</div><div>thread0.requestlist.overwritten=0</div><div>thread0.requestlist.exceeded=0</div><div>thread0.requestlist.current.all=0</div><div>thread0.requestlist.current.user=0</div>
<div>thread0.recursion.time.avg=0.000522</div><div>thread0.recursion.time.median=6.25e-07</div><div>total.num.queries=5</div><div>total.num.cachehits=0</div><div>total.num.cachemiss=5</div><div>total.num.prefetch=0</div>
<div>
total.num.recursivereplies=5</div><div>total.requestlist.avg=0</div><div>total.requestlist.max=0</div><div>total.requestlist.overwritten=0</div><div>total.requestlist.exceeded=0</div><div>total.requestlist.current.all=0</div>
<div>total.requestlist.current.user=0</div><div>total.recursion.time.avg=0.000522</div><div>total.recursion.time.median=6.25e-07</div><div>time.now=1399048264.960805</div><div>time.up=616.002507</div><div>time.elapsed=616.002507</div>
</div><div><br></div><div><div>May 02 16:29:49 unbound[13363:0] info: 127.0.0.1 <a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a>. A IN</div><div>May 02 16:29:49 unbound[13363:0] debug: udp request from ip4 127.0.0.1 port 50867 (len 16)</div>
<div>May 02 16:29:49 unbound[13363:0] debug: mesh_run: start</div><div>May 02 16:29:49 unbound[13363:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_new</div><div>May 02 16:29:49 unbound[13363:0] info: subnet operate: query <a href="http://gp1.wpc.edgecastcdn.net" target="_blank">gp1.wpc.edgecastcdn.net</a>. A IN</div>
<div>May 02 16:29:49 unbound[13363:0] debug: subnet: answered from cache</div></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div>-Larry</div>
<br><br><div class="gmail_quote">On Thu, May 1, 2014 at 1:52 PM, Yuri Schaeffer <span dir="ltr"><<a href="mailto:yuri@nlnetlabs.nl" target="_blank">yuri@nlnetlabs.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Larry,<br>
<div><div class="h5"><br>
> I was wondering if there was a timeline for completing this<br>
> addition to unbound. Looking at the svn branch for edns client<br>
> subnets it looks like the last commit was about 6 months<br>
> ago(2013/11/19).<br>
<br>
</div></div>There have been no commits to this branch since then because the<br>
feature is complete. We've been in a catch-22: To our knowledge nobody<br>
actually tried to use it so we are hesitant to call it production<br>
code, but everyone interested seems to wait until we call it<br>
production code.<br>
<br>
To get out of this situation we've decided to include it as a patch in<br>
contrib/ of the regular release. We do however need to do some work to<br>
get it there (think continuous integration tests). I don't have a clear<br>
timeline for it as it is low priority, but I intend to allocate some<br>
time for it each week.<br>
<br>
Regards,<br>
Yuri<br>
</blockquote></div><br></div>