coredns
cache plugin does not use the returned EDNS Client Subnet in the key (ECS)
What happened:
The cache plugin uses only the qname, qtype, do and cd flags when caching responses to queries containing EDNS client subnet options (ECS).
This does not respect cache considerations in RFC 7871.
What you expected to happen:
The cache plugin must use the subnet and prefix returned in the response, after appropriate validation as specified in the RFC.
How to reproduce it (as minimally and precisely as possible):
. {
    cache
    forward . 8.8.8.8
}
dig google.com @127.0.0.1 +subnet=208.67.222.0/24
dig google.com @127.0.0.1 +subnet=102.38.255.0/24
Must return different IP addresses, but it doesn't.
Environment:
- the version of CoreDNS: CoreDNS-1.12.0
- OS (e.g: cat /etc/os-release): darwin/arm64, go1.23.3
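The behaviour the report asks for, as an added example that is not CoreDNS code and not the implementation mentioned in this thread: answers are stored under the scope prefix returned by the upstream, after checking that the echoed ECS matches what was sent, and looked up by longest covering prefix. The `ecsCache` type, its methods, the answers and the scope lengths are hypothetical and constructed, and the ECS fields are assumed to be already parsed from the messages.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ecsCache (hypothetical type) maps a query key to answers stored per ECS scope prefix.
type ecsCache map[string]map[netip.Prefix]string

// Store drops a response whose echoed ECS differs from the one sent, else caches under the scope prefix.
func (c ecsCache) Store(key string, sent, echoed netip.Prefix, scope uint8, answer string) error {
	if !sent.IsValid() || echoed.Masked() != sent.Masked() {
		return fmt.Errorf("ECS mismatch: sent %v, response carries %v", sent, echoed)
	}
	bits := sent.Bits() // upper bound: only the source bits of the address are known
	if int(scope) < bits {
		bits = int(scope)
	}
	p, _ := sent.Addr().Prefix(bits) // cannot fail: 0 <= bits <= sent.Bits()
	if c[key] == nil {
		c[key] = map[netip.Prefix]string{}
	}
	c[key][p] = answer
	return nil
}

// Lookup returns the answer whose scope prefix is the longest one covering client.
func (c ecsCache) Lookup(key string, client netip.Addr) (answer string, ok bool) {
	best := -1
	for p, a := range c[key] {
		if p.Contains(client) && p.Bits() > best {
			best, answer, ok = p.Bits(), a, true
		}
	}
	return answer, ok
}

// demo replays the two subnets from the report; answers and scopes are constructed.
func demo() (first, second string, otherHit bool, err error) {
	c, s1, s2 := ecsCache{}, netip.MustParsePrefix("208.67.222.0/24"), netip.MustParsePrefix("102.38.255.0/24")
	c.Store("google.com./A", s1, s1, 24, "192.0.2.10")
	c.Store("google.com./A", s2, s2, 20, "198.51.100.20")
	err = c.Store("google.com./A", s1, s2, 24, "203.0.113.66") // echo does not match the query
	first, _ = c.Lookup("google.com./A", netip.MustParseAddr("208.67.222.77"))
	second, _ = c.Lookup("google.com./A", netip.MustParseAddr("102.38.240.1"))
	_, otherHit = c.Lookup("google.com./A", netip.MustParseAddr("203.0.113.5"))
	return
}
func main() { fmt.Println(demo()) }
```

A client outside every cached scope gets a miss and must be resolved upstream, which is what prevents one subnet's answer from being served to another.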
Can I work on this issue?
I already whipped up an implementation, will commit it and send a PR probably Monday.