How to configure , dig command support +subnet

Greg Choules gregchoules+bindusers at googlemail.com
Tue Dec 13 11:32:17 UTC 2022 

Hello.
What exact version of BIND are you running? "named -V" From dig it *looks*
like you are running 9.18.9.
ECS support only exists in the subscription editions of BIND (-S suffix)
and to get that you need to be an eligible ISC support customer.

Thanks, Greg

On Tue, 13 Dec 2022 at 10:48, 徐娅 <xuya2011 at gmail.com> wrote:

> 25-Nov-2022 23:30:32.924 running on Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 202025-Nov-2022 23:30:32.924 built with  '--prefix=/usr/local/bind-9.18.9' '--enable-largefile' '--enable-epoll' '--enable-full-report' '--disable-doh' '--enable-dnsrps-dl' '--enable-dnsrps'25-Nov-2022 23:30:32.924 running as: named -c named.conf -fg25-Nov-2022 23:30:32.924 compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)25-Nov-2022 23:30:32.924 compiled with OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 201725-Nov-2022 23:30:32.924 linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 201725-Nov-2022 23:30:32.924 compiled with zlib version: 1.2.725-Nov-2022 23:30:32.924 linked to zlib version: 1.2.725-Nov-2022 23:30:32.924 ----------------------------------------------------25-Nov-2022 23:30:32.924 BIND 9 is maintained by Internet Systems Consortium,25-Nov-2022 23:30:32.924 Inc. (ISC), a non-profit 501(c)(3) public-benefit25-Nov-2022 23:30:32.924 corporation.  Support and training for BIND 9 are25-Nov-2022 23:30:32.924 available at https://www.isc.org/support
>
>
>
> # cat named.conf... ...... ...options {    listen-on    port 353 { any; };    listen-on-v6 port 353 { any; };    directory       "/root/edns/named";    allow-query     {	any;    };    allow-recursion {	any;    };    empty-zones-enable no;    pid-file "/root/edns/named/run/named.pid";};view "aaa" {    match-clients {    10.105.0.0/16;   };    zone "abc.com" {        type master;        file "aaa/abc.com";    };};view "bbb" {    match-clients { 10.106.0.0/26;   };    zone "abc.com" {        type master;        file "bbb/abc.com";    };};view "idc-default" {    match-clients {  any;  };    zone "abc.com" {        type master;        file "any/abc.com";    };};# cat named/aaa/abc.com... ...www 600 IN TXT aaa# cat named/bbb/abc.comwww 600 IN TXT bbb# cat named/ccc/abc.comwww 600 IN TXT ccc
>
>
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2; <<>> DiG 9.18.9 <<>> @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2; (1 server found);; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7948;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 1232; COOKIE: 075abe1b7a9c177a010000006380ded9dc3ca0fc1bae43d4 (good); CLIENT-SUBNET: 10.105.2.2/32/0;; QUESTION SECTION:;txt.abc.com.			IN	TXT;; ANSWER SECTION:txt.abc.com.		600	IN	TXT	"any";; Query time: 1 msec;; SERVER: 127.0.0.1#353(127.0.0.1) (UDP);; WHEN: Fri Nov 25 23:27:21 CST 2022;; MSG SIZE  rcvd: 99
>
> I expect +subnet=10.105.2.2, return *aaa*, but returned any
>
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2any
>
> I expect +subnet=10.106.3.3, return *bbb*, but returned any
>
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.106.3.3any
>
>
> How do I change named.conf?
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20221213/f625e2e0/attachment-0001.htm>

More information about the bind-users mailing list