Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make recursor & dnsdist communicate (ECS) 'variable' status #7209

Merged
merged 19 commits into from Jan 10, 2019

Conversation

Projects
None yet
4 participants
@rgacogne
Copy link
Member

commented Nov 19, 2018

Short description

Rebase of #7035 + some additional fixes.

DO NOT MERGE - code works, but needs review
When recursor uses EDNS Client Subnet, a minority of domain names start getting variable answers depending on who is asking. The recursor cache is aware of how this works. However, when the recursor hides behind dnsdist, the dnsdist cache is not aware of which domains are variable or not.

With this PR, when the recursor is configured to 'use-incoming-edns-subnet', it will add a /0 ECS scope to responses that are not variable.

Meanwhile with this PR, dnsdist learns that /0 answers from backends are invariant, and uses these for anyone who asks, independent of source address. The details are described more fully in this gist: https://gist.github.com/ahupowerdns/cebbddb1cee967c4c6b31176c213dcb8

This code has been tested in production and positively zooms.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
@pieterlexis

This comment has been minimized.

Copy link
Member

commented Jan 9, 2019

This PR is conflicted (sorry about that)

Show resolved Hide resolved pdns/pdns_recursor.cc Outdated
@pieterlexis
Copy link
Member

left a comment

The dnsdist docs on the packet cache could use a few paragraphs dedicated to the ECS zero scope feature.

@chbruyand
Copy link
Member

left a comment

LGTM!

Show resolved Hide resolved regression-tests.dnsdist/test_Caching.py Outdated

ahupowerdns and others added some commits Oct 5, 2018

emit a /0 ECS response on non-variable answers when using use-incomin…
…g-ecs, for the eventual benefit of dnsdist

@rgacogne rgacogne force-pushed the rgacogne:use-ecs-use-scope branch from b299a06 to 827d23e Jan 10, 2019

@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Jan 10, 2019

Rebased, nits fixed (thanks!).

@rgacogne rgacogne changed the title [WIP] Make recursor & dnsdist communicate (ECS) 'variable' status Make recursor & dnsdist communicate (ECS) 'variable' status Jan 10, 2019

@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Jan 10, 2019

I'll merge this as soon as Travis is green.

@rgacogne rgacogne force-pushed the rgacogne:use-ecs-use-scope branch from e88824d to a0ddd13 Jan 10, 2019

@rgacogne rgacogne merged commit 40191bd into PowerDNS:master Jan 10, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@rgacogne rgacogne deleted the rgacogne:use-ecs-use-scope branch Jan 10, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.