[dnsdist] Keep Client IP across dnsdist and PDNSRecursor

Daniel Stirnimann daniel.stirnimann at switch.ch
Fri Sep 9 12:07:32 UTC 2016

Hi Ale

> but I still getting the IP of dnsdist on my recursor side. (same
> server on different ports) I were checking recursor options trying to
> find something ... but no luck.
> I'm start thinking I'm doing bad tests ... what I'm doing?

It looks to me you are trying to setup a transparent DNS
proxy/load-balancer using dnsdist. This is not possible. dnsdist will
rewrite the IP addresses when sending DNS requests to your backend recusor.

EDNS0 client subnet extension (ECS) will only add the client IP address
as part of the ENDS0 extension. You can look at this as additional
information passed from dnsdist to your backend recursor.

> Using dnsblast tool to send lots of random queries to my dnsdist,
> dnsdist forward those queries to the recursor  and the recursor
> replies back to dnsdist the SERVFAIL with the dnsdist IP.
> There is a better way know if dnsdist and recursor are using the "
> EDNS0 client subnet extension"???

I'm not sure recursor 3.7.3 understands EDNS0 ECS. It can very likely
not process this EDNS0 field. You need to check the documentation.
Sorry, I have never used PowerDNS recursor 3.

If this is your test lab, you can simply run tcpdump or wireshark and
look at the DNS packet details. If ECS is properly configured you should
see the ENDS0 extension in the request.


More information about the dnsdist mailing list