draft-ietf-dnsop-dnssec-trust-anchor(-01): DS records can be configured
as trust anchors. Also DNSKEYs are allowed, by the way.
draft-ietf-dnsext-dnssec-bis-updates: supported.
+draft-vandergaast-edns-client-subnet-01: Basic support with limited
+ caching for specific answers.
Record type syntax support, extensive, from lib ldns.
For these types only syntax and parsing support is needed.
Disable support for RSASHA256 and RSASHA512 crypto.
* --disable-gost
Disable support for GOST crypto, RFC 5933.
+ * --enable-subnet
+ Enables support for client subnet. Client address prefix is send to
+ authorities to get a more specific answer.
* 'make test' runs a series of self checks.
Configure local data shorthand for a PTR record with the reversed IPv4 or
IPv6 address and the host name. For example "192.0.2.4 www.example.com".
TTL can be inserted like this: "2001:DB8::4 7200 www.example.com"
+.TP 5
+.B send\-client\-subnet: \fI<IP address>
+Send client source address to this authority. Can be IP4 or IP6. Append
+/num to indicate a classless delegation netblock, for example like
+10.2.3.4/24 or 2001::11/64.
+.TP 5
+.B client\-subnet\-opcode: \fI<number>
+Client subnet option code is not assigned by IANA. Specify positive
+integer smaller than 65536. Defaults to 20730.
+.TP 5
+.B max\-client\-subnet\-ipv6: \fI<number>
+Specifies the maximum prefix length of the client source address we
+are willing to expose to third parties for IPv6. Defaults to 64.
+.TP 5
+.B max\-client\-subnet\-ipv4: \fI<number>
+Specifies the maximum prefix length of the client source address we
+are willing to expose to third parties for IPv4. Defaults to 24.
.SS "Remote Control Options"
In the
.B remote\-control:
libworker_delete(w);
return NULL;
}
-#ifdef CLIENT_SUBNET
w->back = outside_network_create(w->base, cfg->msg_buffer_size,
(size_t)cfg->outgoing_num_ports, cfg->out_ifs,
cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6,
cfg->do_tcp?cfg->outgoing_num_tcp:0,
w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
ports, numports, cfg->unwanted_threshold,
- &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx, NULL);
-#else
- w->back = outside_network_create(w->base, cfg->msg_buffer_size,
- (size_t)cfg->outgoing_num_ports, cfg->out_ifs,
- cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6,
- cfg->do_tcp?cfg->outgoing_num_tcp:0,
- w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
- ports, numports, cfg->unwanted_threshold,
- &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx);
+ &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx
+#ifdef CLIENT_SUBNET
+ , NULL
#endif
+ );
if(!w->is_bg || w->is_bg_thread) {
lock_basic_unlock(&ctx->cfglock);
}
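Review bot: The `#ifdef CLIENT_SUBNET` now sits inside the argument list of `outside_network_create(...)`, and the extra `, NULL` it appends has no comment saying which parameter it fills or why libworker leaves it unset. A short comment directly above the conditional would make this readable, for example `/* CLIENT_SUBNET builds take one extra trailing argument; libworker passes NULL because <reason, to be filled in by the author> */`. The same construct recurs in the `outnet_serviced_query(...)` call further down, where `, &q->edns_out` is appended. Since that structure presumably carries the client address prefix sent upstream, a comment there should say where the `send-client-subnet` and `max-client-subnet-*` limits are applied before this point. Both enclosing functions start and end outside the visible hunks.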
if(!e)
return NULL;
e->qstate = q;
- #ifdef CLIENT_SUBNET
- e->qsent = outnet_serviced_query(w->back, qname,
- qnamelen, qtype, qclass, flags, dnssec, want_dnssec,
- q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr,
- addrlen, zone, zonelen, libworker_handle_service_reply, e,
- w->back->udp_buff, &q->edns_out);
-#else
+
e->qsent = outnet_serviced_query(w->back, qname,
qnamelen, qtype, qclass, flags, dnssec, want_dnssec,
q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr,
addrlen, zone, zonelen, libworker_handle_service_reply, e,
- w->back->udp_buff);
+ w->back->udp_buff
+#ifdef CLIENT_SUBNET
+ , &q->edns_out
#endif
+ );
+
if(!e->qsent) {
return NULL;
}
server:
send-client-subnet: 5.0.15.10
send-client-subnet: 193.0.14.129
- client-subnet-opc: 20730
+ client-subnet-opcode: 20730
max-client-subnet-ipv4: 21
verbosity: 3
module-config: "subnetcache validator iterator"
server:
send-client-subnet: 5.0.15.10
- client-subnet-opc: 20730
+ client-subnet-opcode: 20730
max-client-subnet-ipv4: 21
verbosity: 3
module-config: "subnetcache validator iterator"
server:
send-client-subnet: 5.0.15.10
- client-subnet-opc: 99
+ client-subnet-opcode: 99
max-client-subnet-ipv4: 21
verbosity: 3
module-config: "subnetcache validator iterator"
server:
; send-client-subnet: 5.0.15.10
- client-subnet-opc: 20730
+ client-subnet-opcode: 20730
max-client-subnet-ipv4: 21
verbosity: 3
module-config: "subnetcache validator iterator"
server:
send-client-subnet: 5.0.15.10
- client-subnet-opc: 20730
+ client-subnet-opcode: 20730
max-client-subnet-ipv4: 21
verbosity: 3
module-config: "subnetcache iterator"
else S_STRLIST("send-client-subnet", client_subnet)
else S_NUMBER_OR_ZERO("max-client-subnet-ipv4:", max_client_subnet_ipv4)
else S_NUMBER_OR_ZERO("max-client-subnet-ipv6:", max_client_subnet_ipv6)
- else S_NUMBER_OR_ZERO("client-subnet-opc:", client_subnet_opcode)
+ else S_NUMBER_OR_ZERO("client-subnet-opcode:", client_subnet_opcode)
#endif
else if (strcmp(opt, "outgoing-interface:") == 0) {
char* d = strdup(val);
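Review bot: The context line `else S_STRLIST("send-client-subnet", client_subnet)` has no trailing colon, while every neighbouring branch in this chain matches on a name that ends in one (`"max-client-subnet-ipv4:"`, `"client-subnet-opcode:"`, `"outgoing-interface:"`). If `S_STRLIST` compares `opt` the same way as the `strcmp` branch below it, this entry can never match, so the list of authorities that receive client addresses cannot be set through this function. Since the commit already touches these option names, I would fix it here: `else S_STRLIST("send-client-subnet:", client_subnet)`. The enclosing function starts and ends outside the hunk, so the macro definition should be checked before applying this.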
else O_LST(opt, "send-client-subnet", client_subnet)
else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4)
else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6)
- else O_DEC(opt, "client-subnet-opc", client_subnet_opcode)
+ else O_DEC(opt, "client-subnet-opcode", client_subnet_opcode)
#endif
/* not here:
* outgoing-permit, outgoing-avoid - have list of ports