Re: EDNS0 Client-Subnet

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I have been tracing through the code and the whole thing falls apart 
with the TSIG verification. Because I am not trying to sign my 
requests/responses the TSIG is null and returns Rcode.FORMERR. Is there 
a simple way to get around this?

Thanks,

Deven

On 03/22/2011 09:58 AM, Deven Phillips wrote:
> Hello All,
>
>     New to the list and this may have been answered previously, but I 
> didn't find it searching the archives.
>
> Our company is implementing 
> http://tools.ietf.org/html/draft-vandergaast-edns-client-ip-01
>
> I am trying to add functionality to one of our Java debugging tools to 
> test this functionality, so I have set up a SimpleResolver and used 
> the setEDNS() method. When I create the Option instance for the 
> OPTRecord, I do it as follows:
>
> InetAddress address = null ;
> try {
>     address = InetAddress.getByName(sourceField.getText()) ;
>     int sourceMask = 32 ;
>     int scopeMask = 0 ;
>     byte[] family = new byte[2] ;
>     family[0] = 0x0 ;
>     family[1] = 0x1 ;
>     if (Inet4Address.class.isInstance(address)) {
>         family[1] = 0x1 ;
>     } else {
>         family[1] = 0x2 ;
>     }
>     ByteArrayOutputStream baos = new ByteArrayOutputStream() ;
>     baos.write(family) ;
>     baos.write(sourceMask) ;
>     baos.write(scopeMask) ;
>     baos.write(address.getAddress()) ;
>     System.out.println(new String(baos.toByteArray())) ;
>     Option clientSubnet = new Option(0x50fa, baos.toByteArray()) ;
>     ArrayList<Option> options = new ArrayList<Option>() ;
>     options.add(clientSubnet) ;
>     resolver.setEDNS(0, baos.size(), 0, options);
> } catch (UnknownHostException uhe) {
>     System.out.println("Source address is set, but is not a valid 
> hostname/IP.") ;
> }
>
> The problem is that when I attempt to perform the lookup, I get an error:
>
> FORMERR
>
> As far as I can tell, the byte[] format is identical to the format 
> specified in the RFC (not that DNSJava is checking) and certainly 
> complies with the OPTRecord requirements. Any suggestions?
>
> Worst case scenario, I could just manually send my own message, but I 
> hate to re-invent the wheel.
>
> Thanks,
>
> Deven Phillips
> Systems Programmer
> DNS.com