dig +dscp stopped working
It looks like the dig
+dscp= query option stopped working after I upgraded to dig 9.18.
dig +dscp=1 www.isc.org using dig 9.11 (specifically the version shipped in the Debian dnsutils version 9.11.5.P4+dfsg-5.1+deb10u5 package) and using dig 9.18 (Debian dnsutils package version 9.18.1-1). Attached are the corresponding pcaps from each dig version.
tshark -V, dig 9.11 set the DSCP value in the IP header to the expected value:
[…] Differentiated Services Field: 0x04 (DSCP: LE, ECN: Not-ECT) 0000 01.. = Differentiated Services Codepoint: Lower Effort (1) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) […]
whereas dig 9.18 did not:
[…] Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) […]
Looking briefly at the BIND 9.18 code I could not find where the DSCP option was being enabled on the query socket. Looking at the strace output, I also did not see the DSCP value being set in dig 9.18.