[dnsdist] Keep Client IP across dnsdist and PDNSRecursor
Daniel Stirnimann
daniel.stirnimann at switch.ch
Wed May 4 11:40:00 UTC 2016
Hello Alejandro,

You can pass the full client IP address using EDNS0 client subnet extension
(https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-08).

newServer({ ... useClientSubnet=true .. })
setECSOverride(true)
setECSSourcePrefixV4(32)
setECSSourcePrefixV6(128)

I'm not sure if pdns-recursor 4.0 supports EDNS0 client subnet in any
form yet. I have not found any hint in
https://doc.powerdns.com/md/recursor/settings/

Daniel

On 04.05.16 12:43, Alejandro Adroher Mellado wrote:
> Hi all,
>
> I've been doing various research over the last few days trying to find a
> way which lets me pass the client query across dnsdist and
> pdns-recursor without losing the client source IP. I have dnsdist
> and recursor working on the same server. (newest versions of dnsdist
> v1.0.0 and recursor 4.0)
>
> The cleanest example is when someone queries for a domain, dnsdist
> sends the query to the recursor, the recursor gets a SERVFAIL and gets
> back to the dnsdist something like:
>
> Sending SERVFAIL to 127.0.0.1 during resolve of '58cl.com.' because:
> Too much time waiting for 58cl.com.|A, timeouts: 5, throttles: 0,
> queries: 7, 7898msec
>
> It makes sense because dnsdist is not sending the customer source IP to the
> recursor... but there must be a way. I've tried adding to dnsdist
> "useClientSubnet=true" but it is not enough.
>
> Anyone have a better idea?
>
> Thanks a lot.
>
> Alejandro.
--
SWITCH
Daniel Stirnimann, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 16 24
daniel.stirnimann at switch.ch, http://www.switch.ch
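
Added example (not part of the original message and not PowerDNS code): a Python encoder and decoder for the EDNS0 client subnet option, following the wire layout in the draft linked above, showing why a source prefix of 32 or 128 carries the full client address while a shorter prefix carries only the subnet. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code assigned to Client Subnet


def encode_ecs(client_ip, source_prefix):
    """Build the ECS option a proxy would attach for client_ip (hypothetical helper)."""
    ip = ipaddress.ip_address(client_ip)
    family = 1 if ip.version == 4 else 2  # address family: 1 = IPv4, 2 = IPv6
    # Bits beyond the source prefix must be zero, and only the bytes
    # needed to hold the prefix are sent.
    net = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    addr = net.network_address.packed[: (source_prefix + 7) // 8]
    body = struct.pack("!HBB", family, source_prefix, 0) + addr  # scope = 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option):
    """Parse an ECS option as the receiving resolver would; returns an ip_network."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_prefix, _scope = struct.unpack("!HBB", option[4:8])
    size = {1: 4, 2: 16}.get(family)
    if size is None or source_prefix > size * 8:
        raise ValueError("unsupported family or prefix length")
    addr = option[8:]
    if len(addr) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match source prefix")
    # strict=True rejects options whose padding bits are not zero.
    padded = ipaddress.ip_address(addr + b"\x00" * (size - len(addr)))
    return ipaddress.ip_network(f"{padded}/{source_prefix}", strict=True)


def seen_by_backend(client_ip, source_prefix):
    """What the backend can learn about the client at a given source prefix."""
    return str(decode_ecs(encode_ecs(client_ip, source_prefix)))


if __name__ == "__main__":
    sample = "192.0.2.57"  # constructed client address (documentation range)
    print(seen_by_backend(sample, 24))   # subnet only
    print(seen_by_backend(sample, 32))   # full address, as with setECSSourcePrefixV4(32)
    print(seen_by_backend("2001:db8::1234", 128))
```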