no "CLIENT-SUBNET" in "OPT pseudosection", result in broken ECS support when using AGH as upstream #7429

Open
baraja opened this issue Nov 11, 2024 · 2 comments

baraja commented Nov 11, 2024

Prerequisites

  • I have checked the Wiki and Discussions and found no answer

  • I have searched other issues and found no duplicates

  • I want to request a feature or enhancement and not ask a question

The problem

query from AGH with custom subnet:
dig IN A @dns.mydns.com www.google.com +subnet=3.80.0.0/24 -p5353

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:

while query from unbound with the same subnet info (unbound is on the same machine with different port):
dig IN A @dns.mydns.com www.google.com +subnet=3.80.0.0/24 -p53

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 3.80.0.0/24/12
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:

Without the "CLIENT-SUBNET" part, AGH can't handle the ECS cache correctly, just as described here:
https://github.com/AdguardTeam/AdGuardHome/issues/5757#issuecomment-1525560081
That said, I can't use another AGH as my AGH's upstream, which will result in broken ECS function.

Proposed solution

there is "CLIENT-SUBNET" part in "OPT pseudosection", which will be telling the downstream AGH to cache ECS correctly

Alternatives considered and additional information

No response

@miladtempaccount

Can you please tell me if we can modify the code to send /32 instead of /24 to the upstream server?
I need to know where I can modify the source code to achieve that.

baraja commented Nov 25, 2024

> Can you please tell me if we can modify the code to send /32 instead of /24 to the upstream server? I need to know where I can modify the source code to achieve that.

I'm not sure, but it looks like AdGuard public/private DNS (adguard-dns.io) is working as expected; the ECS function is more perfect than AGH. I guess AGH should have the same behavior when handling ECS requests from clients,
according to 7.2.2:

> If the client query did include the option, the server MUST include one in its response, especially as it could be talking to a Forwarding Resolver, which would need the information for its own caching.
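
A way to check for the behaviour discussed in this thread without reading dig output by eye, as an added example that is not part of the issue or of the AdGuard Home code base: it walks a raw DNS response, finds the OPT record (type 41) and reports the edns-client-subnet option (code 8, RFC 7871) in dig's `address/source/scope` form. `find_ecs` and `build_sample` are hypothetical names, and the sample messages are constructed to mirror the two dig results in the report.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # edns-client-subnet option code (RFC 7871)
TYPE_OPT = 41         # EDNS(0) OPT pseudo-record type

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:   # a compression pointer ends the name
            return off + 2
        off += 1 + length

def find_ecs(msg):
    """Return 'addr/source/scope' as dig prints it, or None if ECS is absent."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        pos = 0
        while rtype == TYPE_OPT and pos + 4 <= len(rdata):
            code, olen = struct.unpack_from("!HH", rdata, pos)
            body = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
            if code == ECS_OPTION_CODE and olen >= 4:
                family, source, scope = struct.unpack_from("!HBB", body)
                size = 4 if family == 1 else 16   # assumes 1 = IPv4, 2 = IPv6
                addr = body[4:].ljust(size, b"\0")[:size]  # pad truncated prefix
                return f"{ipaddress.ip_address(addr)}/{source}/{scope}"
    return None

def build_sample(with_ecs):
    """Constructed response for www.google.com A carrying one OPT record."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 1)
    qname = b"\x03www\x06google\x03com\x00"
    opt_data = b""
    if with_ecs:   # 3.80.0.0/24 with scope 12, as in the unbound answer
        ecs = struct.pack("!HBB", 1, 24, 12) + bytes([3, 80, 0])
        opt_data = struct.pack("!HH", ECS_OPTION_CODE, len(ecs)) + ecs
    opt = b"\0" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, len(opt_data)) + opt_data
    return header + qname + struct.pack("!HH", 1, 1) + opt
```

A `None` result for a response to a query that carried the option corresponds to the first dig output in the report, where the OPT pseudosection has no CLIENT-SUBNET line.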
