What is this for?
EDNS-client-subnet is an open IETF proposed standard that helps direct content to users more effectively, thereby decreasing latency, decreasing congestion, increasing transfer speeds and helping the Internet to scale faster and further. You can find more information on the Faster Internet project's site:
http://www.afasterinternet.com/
BIND has supported sending client-subnet information in EDNS data with the `dig` utility since version 9.10. Earlier versions require that support be compiled in with a separate patch.
Compiling support for versions previous to 9.10
Download BIND. Older versions can be found on the same FTP parent path:
$ wget ftp://ftp.isc.org/isc/bind9/9.9.3/bind-9.9.3.tar.gz
$ tar xf bind-9.9.3.tar.gz
$ cd bind-9.9.3
Download the patch from Wilmer van der Gaast. Ensure that you download the version of the patch that matches the version of BIND you are using:
$ wget http://wilmer.gaa.st/edns-client-subnet/bind-9.9.3-dig-edns-client-subnet-iana.diff
Patch the code, configure and compile. OpenSSL support is not needed as we will only be using `dig`:
$ patch -p0 < bind-9.9.3-dig-edns-client-subnet-iana.diff
$ ./configure --without-openssl
$ make
You can find your patched version of `dig` in `bin/dig/`.
Usage
Version 9.10 and later use `+subnet=<subnet>` to specify the client subnet. For example:
opendns@ubuntu ~/src/bind-9.10.0/bin/dig > ./dig @ns1.google.com google.com +subnet=208.67.222.0/24
; <<>> DiG 9.10.0 <<>> @ns1.google.com google.com +subnet=208.67.222.0/24
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36842
;; flags: qr aa rd; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 208.67.222.0/24/32
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 74.125.239.38
google.com. 300 IN A 74.125.239.34
google.com. 300 IN A 74.125.239.40
google.com. 300 IN A 74.125.239.41
google.com. 300 IN A 74.125.239.35
google.com. 300 IN A 74.125.239.33
google.com. 300 IN A 74.125.239.36
google.com. 300 IN A 74.125.239.39
google.com. 300 IN A 74.125.239.37
google.com. 300 IN A 74.125.239.32
google.com. 300 IN A 74.125.239.46
;; Query time: 23 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Mon Sep 15 16:11:25 UTC 2014
;; MSG SIZE rcvd: 226
Note:
The CLIENT-SUBNET section displays the subnet, the given mask, and the returned SCOPE in a single line.
Note:
IPv6 client subnets can be passed instead of IPv4 client subnets.
For versions prior to 9.10 that have been compiled with the patch, the option is `+client=<subnet>` instead:
opendns@ubuntu ~/src/bind-9.9.3-P1/bin/dig > ./dig @ns1.google.com google.com +client=208.67.222.0/24
; <<>> DiG 9.9.3-P1 <<>> @ns1.google.com google.com +client=208.67.222.0/24
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48633
;; flags: qr aa rd; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 208.67.222.0/24/32
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 74.125.239.37
google.com. 300 IN A 74.125.239.32
google.com. 300 IN A 74.125.239.46
google.com. 300 IN A 74.125.239.34
google.com. 300 IN A 74.125.239.39
google.com. 300 IN A 74.125.239.36
google.com. 300 IN A 74.125.239.35
google.com. 300 IN A 74.125.239.33
google.com. 300 IN A 74.125.239.41
google.com. 300 IN A 74.125.239.38
google.com. 300 IN A 74.125.239.40
;; Query time: 23 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Mon Sep 15 16:59:02 UTC 2014
;; MSG SIZE rcvd: 226
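The `CLIENT-SUBNET` line that `dig` prints is its rendering of an EDNS option with code 8 (RFC 7871), for IPv4 and IPv6 alike. The Python below is an added example, not code from BIND or from the patch: it builds the option that a `+subnet=` value puts on the wire and renders a returned option in `dig`'s subnet/mask/SCOPE form. The function names `encode_ecs` and `decode_ecs` are assumptions, and the response bytes are constructed to match the output shown above.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8    # IANA-assigned EDNS option code for client subnet
FAMILY = {4: 1, 6: 2}  # IP version -> address family number (1 = IPv4, 2 = IPv6)


def encode_ecs(subnet: str, scope: int = 0) -> bytes:
    """Build the EDNS option for a subnet such as '208.67.222.0/24'."""
    # strict=False zeroes any host bits, so only the prefix is ever sent.
    net = ipaddress.ip_network(subnet, strict=False)
    # Only the octets covered by the source prefix go on the wire.
    n_octets = (net.prefixlen + 7) // 8
    addr = net.network_address.packed[:n_octets]
    body = struct.pack("!HBB", FAMILY[net.version], net.prefixlen, scope) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option: bytes) -> str:
    """Render an option the way dig prints it: address/source/scope."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed client-subnet option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    size = {1: 4, 2: 16}.get(family)
    if size is None:
        raise ValueError(f"unknown address family {family}")
    addr = option[8:]
    if len(addr) != (source + 7) // 8 or len(addr) > size:
        raise ValueError("address length does not match source prefix")
    # Pad the truncated address back to full width for display.
    padded = addr + bytes(size - len(addr))
    return f"{ipaddress.ip_address(padded)}/{source}/{scope}"


if __name__ == "__main__":
    query = encode_ecs("208.67.222.0/24")             # what +subnet= sends
    print("query option:", query.hex())
    reply = encode_ecs("208.67.222.0/24", scope=32)   # constructed response
    print("CLIENT-SUBNET:", decode_ecs(reply))
    print("IPv6 option:", encode_ecs("2001:db8::/32").hex())
```

A query carries scope 0; the scope value is filled in by the responding server, which is why it only appears as a non-zero number in the answer.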