Re: EDNS0 Client-Subnet

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Brian,

     I had to leave this code for a few days to take care of other 
things and now I cannot find where that checkU8() call was. Could you 
give me a clue?

Thanks,

Deven

On 03/22/2011 01:29 PM, Brian Wellington wrote:
> On Mar 22, 2011, at 10:11 AM, Deven Phillips wrote:
>
>> I have been tracing through the code and the whole thing falls apart
>> with the TSIG verification. Because I am not trying to sign my
>> requests/responses the TSIG is null and returns Rcode.FORMERR. Is there
>> a simple way to get around this?
>>
>>
>> On 03/22/2011 09:58 AM, Deven Phillips wrote:
>>> Hello All,
>>>
>>>     New to the list and this may have been answered previously, but I
>>> didn't find it searching the archives.
>>>
>>> Our company is implementing
>>> http://tools.ietf.org/html/draft-vandergaast-edns-client-ip-01
>>>
>>> I am trying to add functionality to one of our Java debugging tools to
>>> test this functionality, so I have set up a SimpleResolver and used
>>> the setEDNS() method. When I create the Option instance for the
>>> OPTRecord, I do it as follows:
>>>
>>> InetAddress address = null ;
>>> try {
>>>     address = InetAddress.getByName(sourceField.getText()) ;
>>>     int sourceMask = 32 ;
>>>     int scopeMask = 0 ;
>>>     byte[] family = new byte[2] ;
>>>     family[0] = 0x0 ;
>>>     family[1] = 0x1 ;
>>>     if (Inet4Address.class.isInstance(address)) {
>>>         family[1] = 0x1 ;
>>>     } else {
>>>         family[1] = 0x2 ;
>>>     }
>>>     ByteArrayOutputStream baos = new ByteArrayOutputStream() ;
>>>     baos.write(family) ;
>>>     baos.write(sourceMask) ;
>>>     baos.write(scopeMask) ;
>>>     baos.write(address.getAddress()) ;
>>>     System.out.println(new String(baos.toByteArray())) ;
>>>     Option clientSubnet = new Option(0x50fa, baos.toByteArray()) ;
>>>     ArrayList<Option>  options = new ArrayList<Option>() ;
>>>     options.add(clientSubnet) ;
>>>     resolver.setEDNS(0, baos.size(), 0, options);
>>> } catch (UnknownHostException uhe) {
>>>     System.out.println("Source address is set, but is not a valid
>>> hostname/IP.") ;
>>> }
>>>
>>> The problem is that when I attempt to perform the lookup, I get an error:
>>>
>>> FORMERR
>>>
>>> As far as I can tell, the byte[] format is identical to the format
>>> specified in the RFC (not that DNSJava is checking) and certainly
>>> complies with the OPTRecord requirements. Any suggestions?
>>>
>>> Worst case scenario, I could just manually send my own message, but I
>>> hate to re-invent the wheel.
> There does appear to be a problem, but I have no idea what you're seeing.  In attempting to run code using this code, I did find a problem that the code constructing EDNS options (incorrectly) expects the option code to be an 8-bit value, not a 16-bit value.  Thus, attempting to run your code failed with:
>
> Exception in thread "main" java.lang.IllegalArgumentException: "option code" 20730 must be an unsigned 8 bit value
>
> After fixing that, I was able to send a query with the option, and get back a response with the option.  No idea if the value is correct, but nothing returned FORMERR.
>
> Unless you also fixed the size issue, there's no way that your code should have been able to construct the option at all, let alone send a packet containing it.  I also don't understand why you're talking about TSIG; the first thing the TSIG verification code does is check to see whether there should be a TSIG at all, and if not, return success immediately.
>
> Brian
>