EDNS Enrichment

Revision History

Table 1. Revision History
Revision Details                                                       Release
Added support for enriching DNS requests containing Additional RRs.    21.28.m23
First introduced.                                                      21.28.m10

Feature Description

CUPS supports EDNS enrichment, which enriches and readdresses the DNS requests of subscribers who are subscribed to the parental control service.

When a subscriber subscribes to a parental control service, DNS requests by the subscriber are enriched with additional information (IMSI, MSISDN, APN) in an OPT RR field and readdressed to the dedicated DNS server for appropriate analysis and treatment. This additional information is configurable through an EDNS format that specifies tag values. These fields are encoded and appended to the DNS request header. The incoming DNS requests containing additional RRs are enriched accurately to unblock the subscriber.

How it Works

This section describes how this feature works.

PCRF or PCF activates a predefined rule for the subscriber.

  • On activation of the predefined rule, the EDNS enrichment feature applies to new DNS flows that match the predefined rule. All DNS requests matching the predefined rule are enriched with the configured fields (IMSI, MSISDN, and/or APN) in the DNS header.

  • On deactivation of the predefined rule, the EDNS enrichment feature ceases to be applied for new flows created after the rule is deactivated. The DNS flows created before deactivation continue to be enriched and readdressed.

The service-scheme in the active-charging service configuration selectively applies the feature to only a set of subscribers who have subscribed to the parental control service. This is achieved using a rule-match-change trigger type for evaluation of the trigger condition and taking the appropriate EDNS trigger action.

IP readdressing must be configured in the same trigger action that contains the EDNS format with which the EDNS request will be enriched. If readdressing is configured in both the charging action and the trigger action, the trigger action takes precedence.

The DNS requests are enriched by adding Option-Codes and Option-Data fields based on the configured EDNS format in the following scenarios:

  • Presence of additional RRs of OPT RR type in the incoming DNS request

    If an OPT RR is present in the incoming request, it is deleted, and a new OPT RR is added as the first additional RR based on the configured EDNS format.

  • Absence of additional RRs in the DNS request

    If no Additional RRs are present in the DNS request, enrichment is done by adding an OPT RR to the request.

  • Presence of additional RRs other than OPT RR type in the DNS request

Limitations

This feature has the following limitations:

  • External content-filtering and content-filtering against an on-box database do not interwork seamlessly with this feature, and their functionality is mutually exclusive.

  • The incoming DNS requests are not validated to check for RFC compliance. If a DNS request is invalid and contains more than one OPT RR, it will still be accepted for EDNS enrichment. If multiple OPT RRs are present in the incoming DNS request, the first OPT RR will be enriched, and the request will be forwarded to the DNS server.
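
The OPT RR handling described under How it Works, together with the multiple-OPT limitation above, worked through in Python as an added example (not Cisco code). It assumes that option data is carried as ASCII bytes, that the new OPT RR advertises a 1232-byte UDP payload size, that only the first OPT RR is replaced, and that non-OPT additional RRs are kept after the new OPT RR; the page specifies none of these, and the query and subscriber values are constructed.

```python
import struct

OPT = 41  # RR type of the EDNS OPT pseudo-RR (RFC 6891)

def skip_name(msg, off):
    """Offset just past the domain name at off (labels or a compression pointer)."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def additional_rrs(msg):
    """Return (offset of the additional section, [(type, raw RR bytes), ...])."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS follow the name
    rrs = []
    for _ in range(an + ns + ar):
        begin, off = off, skip_name(msg, off)
        rtype, rdlen = struct.unpack("!H6xH", msg[off:off + 10])
        off += 10 + rdlen
        rrs.append((rtype, msg[begin:off]))
    return off - sum(len(raw) for _, raw in rrs[an + ns:]), rrs[an + ns:]

def enrich(msg, fields, udp_size=1232):
    """Delete the first OPT RR if present; add a new OPT RR as first additional RR."""
    start, rrs = additional_rrs(msg)
    types = [rtype for rtype, _ in rrs]
    if OPT in types:
        del rrs[types.index(OPT)]
    rdata = b"".join(struct.pack("!HH", tag, len(v)) + v for tag, v in fields)
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, len(rdata)) + rdata
    body = msg[12:start] + opt + b"".join(raw for _, raw in rrs)
    return msg[:10] + struct.pack("!H", len(rrs) + 1) + body

def opt_options(msg):
    """Decode {option-code: option-data} for every OPT RR in the message."""
    found = []
    for rtype, raw in additional_rrs(msg)[1]:
        if rtype == OPT:
            rdata, opts, i = raw[skip_name(raw, 0) + 10:], {}, 0
            while i + 4 <= len(rdata):
                code, n = struct.unpack("!HH", rdata[i:i + 4])
                opts[code], i = rdata[i + 4:i + 4 + n], i + 4 + n
            found.append(opts)
    return found

# Constructed sample: tags from the sample configuration, made-up values, assumed ASCII data.
FIELDS = [(1, b"001010123456789"), (2, b"15555550100"), (3, b"internet")]
PLAIN = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
```

On the receiving DNS server, opt_options() returning more than one entry identifies a request that arrived with multiple OPT RRs, which the user plane does not reject.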

Sample Configuration

The following is a sample CLI configuration for EDNS enrichment:

configure
   active-charging service ACS

      ruledef dns-port
         udp either-port = 53
         tcp either-port = 53
         multi-line-or all-lines
         rule-application routing
      #exit

      ruledef dns_traffic
         ip server-ip-address = 213.158.199.1
         ip server-ip-address = 213.158.199.5
         multi-line-or all-lines
      #exit

      charging-action ca
         content-id 1000
         billing-action egcdr
      #exit

      readdress-server-list test_edns_servers
         server 100.100.100.14
         server 100.100.100.15
         #exit

      rulebase test
         action priority 50 dynamic-only ruledef dns_traffic charging-action ca
         route priority 10 ruledef dns-port analyzer dns
         #exit

      edns
         fields test_fields
            tag 1 imsi
            tag 2 msisdn
            tag 3 apn-name
            #exit

         format test_format
            fields test_fields encode
         #exit

         trigger-action TA1
            edns format test_format
            flow action readdress server-list test_edns_servers [ hierarchy | round-robin | discard-on-failure …]
          #exit

         trigger-condition TC1
            rule-name = dns_traffic
          #exit

         service-scheme SS1
            trigger rule-match-change
               priority 1 trigger-condition TC1 trigger-action TA1
         #exit

         subs-class SC1  
            rulebase = test
            multi-line-or all-lines
         #exit

         subscriber-base SB1
            priority 1 subs-class SC1 bind service-scheme SS1
         #exit
end

Monitoring and Troubleshooting

The EDNS enrichment feature supports the following show commands and outputs.

Show Commands and Outputs

The following show commands and outputs are modified in support of this feature:

show user-plane-service statistics analyzer name dns

EDNS Over UDP:
EDNS Encode Success:            0         EDNS Encode Failed:      0
EDNS Encode Success Bytes:      0
EDNS Response Received:         0
  
EDNS Over TCP:
EDNS Encode Success:            0         EDNS Encode Failed:      0
EDNS Encode Success Bytes:      0
EDNS Response Received:         0

show subscribers user-plane-only full callid <call_id>

DNS-to-EDNS Uplink Pkts:     0       DNS-to-EDNS Uplink Bytes:     0
EDNS Response Received:      0

show user-plane-service edns all

Fields:
    Fields Name: fields_1
    tag 26946 cf-policy-id

    Fields Name: fields_2
    tag 2001 imsi
    tag 2002 msisdn
    tag 26946 cf-policy-id

    Format:
    Format Name: format_1
    fields fields_1 encode

    Format Name: format_2
    fields fields_2 encode

show user-plane-service statistics trigger-action all

Trigger-Action: TA1
  Total EDNS PKTS           :  1
  Total readdressed Flows   :  1
  Total Trigger action(s)   :  1

show user-plane-service statistics trigger-action name <trigger_action_name>

Trigger-Action: TA1
  Total EDNS PKTS           :  1
  Total readdressed Flows   :  1
  Total Trigger action(s)   :  1