Seeing EDNS client-subnet in two steps

1. Build a dig client with support

2. Query an Auth that speaks the language

Now that we have a compiled version of dig that supports including the client subnet into the query we’re able to query authoritative servers with the flags enabled.
Here’s what a regular query for our favorite video site looks like:

image
Notice that the A records handed back are in North America. Now let’s resolve the record for a client in China:

image
The response now has an additional CLIENT-SUBNET flag specifying this response is only valid for that subnet. The next difference is the lack of A records in the response, instead we get a CNAME chain which’ll require another lookup.

On the UDP side, an additional record of type OPT is included in both request and response with the extended data. At this time Wireshark doesn’t support displaying the specific data but a patch is available @ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7552

image