Re: EDNS0 Client-Subnet

[Deven P. <de...@dn...>]

Nevermind, I found it again.

Deven

On 03/24/2011 09:54 AM, Deven Phillips wrote:
> Brian,
>
>     I had to leave this code for a few days to take care of other 
> things and now I cannot find where that checkU8() call was. Could you 
> give me a clue?
>
> Thanks,
>
> Deven
>
> On 03/22/2011 01:29 PM, Brian Wellington wrote:
>> On Mar 22, 2011, at 10:11 AM, Deven Phillips wrote:
>>
>>> I have been tracing through the code and the whole thing falls apart
>>> with the TSIG verification. Because I am not trying to sign my
>>> requests/responses the TSIG is null and returns Rcode.FORMERR. Is there
>>> a simple way to get around this?
>>>
>>>
>>> On 03/22/2011 09:58 AM, Deven Phillips wrote:
>>>> Hello All,
>>>>
>>>>     New to the list and this may have been answered previously, but I
>>>> didn't find it searching the archives.
>>>>
>>>> Our company is implementing
>>>> http://tools.ietf.org/html/draft-vandergaast-edns-client-ip-01
>>>>
>>>> I am trying to add functionality to one of our Java debugging tools to
>>>> test this functionality, so I have set up a SimpleResolver and used
>>>> the setEDNS() method. When I create the Option instance for the
>>>> OPTRecord, I do it as follows:
>>>>
>>>> InetAddress address = null ;
>>>> try {
>>>>     address = InetAddress.getByName(sourceField.getText()) ;
>>>>     int sourceMask = 32 ;
>>>>     int scopeMask = 0 ;
>>>>     byte[] family = new byte[2] ;
>>>>     family[0] = 0x0 ;
>>>>     family[1] = 0x1 ;
>>>>     if (Inet4Address.class.isInstance(address)) {
>>>>         family[1] = 0x1 ;
>>>>     } else {
>>>>         family[1] = 0x2 ;
>>>>     }
>>>>     ByteArrayOutputStream baos = new ByteArrayOutputStream() ;
>>>>     baos.write(family) ;
>>>>     baos.write(sourceMask) ;
>>>>     baos.write(scopeMask) ;
>>>>     baos.write(address.getAddress()) ;
>>>>     System.out.println(new String(baos.toByteArray())) ;
>>>>     Option clientSubnet = new Option(0x50fa, baos.toByteArray()) ;
>>>>     ArrayList<Option>  options = new ArrayList<Option>() ;
>>>>     options.add(clientSubnet) ;
>>>>     resolver.setEDNS(0, baos.size(), 0, options);
>>>> } catch (UnknownHostException uhe) {
>>>>     System.out.println("Source address is set, but is not a valid
>>>> hostname/IP.") ;
>>>> }
>>>>
>>>> The problem is that when I attempt to perform the lookup, I get an 
>>>> error:
>>>>
>>>> FORMERR
>>>>
>>>> As far as I can tell, the byte[] format is identical to the format
>>>> specified in the RFC (not that DNSJava is checking) and certainly
>>>> complies with the OPTRecord requirements. Any suggestions?
>>>>
>>>> Worst case scenario, I could just manually send my own message, but I
>>>> hate to re-invent the wheel.
>> There does appear to be a problem, but I have no idea what you're 
>> seeing.  In attempting to run code using this code, I did find a 
>> problem that the code constructing EDNS options (incorrectly) expects 
>> the option code to be an 8-bit value, not a 16-bit value.  Thus, 
>> attempting to run your code failed with:
>>
>> Exception in thread "main" java.lang.IllegalArgumentException: 
>> "option code" 20730 must be an unsigned 8 bit value
>>
>> After fixing that, I was able to send a query with the option, and 
>> get back a response with the option.  No idea if the value is 
>> correct, but nothing returned FORMERR.
>>
>> Unless you also fixed the size issue, there's no way that your code 
>> should have been able to construct the option at all, let alone send 
>> a packet containing it.  I also don't understand why you're talking 
>> about TSIG; the first thing the TSIG verification code does is check 
>> to see whether there should be a TSIG at all, and if not, return 
>> success immediately.
>>
>> Brian
>>
>