[dnsdist] log source address for queries

Remi Gacogne remi.gacogne at powerdns.com
Thu May 7 09:02:14 UTC 2020


Hi Simone,

On 5/7/20 10:44 AM, Simone Beccato via dnsdist wrote:
> using dnsdist in front of slave PowerDNS Authoritative Servers I see
> that all queries are logged (by the slave) with the dnsdist source IP.
> 
> I need to log and archive all queries, but with the real public IP
> that originated the request; I found the Proxy Protocol in the
> documentation -> https://dnsdist.org/advanced/proxyprotocol.html
>
> I tried to configure the downstream servers as follows:
>
> #newServer({address="192.168.1.1", name="slave-01", pool="auth",
> useProxyProtocol=true})
> 
> but after restarting dnsdist the servers are marked as “DOWN”.

The Proxy Protocol is currently not supported by PowerDNS Authoritative
Server so it's just dropping the packets sent by dnsdist.
I'd suggest having a look at EDNS Client Subnet instead:

https://dnsdist.org/advanced/ecs.html

https://docs.powerdns.com/authoritative/settings.html#edns-subnet-processing

Enabling EDNS Client Subnet will make the original client IP available
to your backend, which might be enough depending on how you log queries.

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
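
The EDNS Client Subnet setup suggested above, as an added example that is not part of the original message or the project's own documentation. The backend address, name and pool are the ones from the quoted question; the full-length prefixes and the override are assumptions about what per-client logging needs.

```lua
-- dnsdist.conf (added example, not from the original thread)

-- dnsdist truncates the client address in the ECS option by default
-- (/24 for IPv4, /56 for IPv6). For per-client query logs on the
-- backend, pass the full address instead.
setECSSourcePrefixV4(32)
setECSSourcePrefixV6(128)

-- If the incoming query already carries an ECS option, replace it with
-- the address dnsdist actually saw, so a client-supplied value cannot
-- end up in the backend's logs as the "real" source.
setECSOverride(true)

-- Same backend as in the question, with ECS instead of the Proxy Protocol.
newServer({
  address = "192.168.1.1",
  name = "slave-01",
  pool = "auth",
  useClientSubnet = true,
})

-- On the PowerDNS Authoritative Server side (pdns.conf, which is not Lua),
-- the setting linked in the reply has to be enabled:
--   edns-subnet-processing=yes
```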
