[dnsdist] MAC addresses being grouped downstream

Winfried Angele winfried.angele at gmail.com
Sat Jun 3 08:30:44 UTC 2023


Hi Larry, I've no experience with pihole, but I read it supports ECS. Maybe one solution could be to use the client IP passed with ECS to pihole.

See here https://dnsdist.org/advanced/passing-source-address.html

Winfried
 

On 3 June 2023 09:00:02 CEST, Larry Wapnitsky via dnsdist <dnsdist at mailman.powerdns.com> wrote:
>I'm using dnsdist to route my clients based on subnet as to whether or not
>they should be using my pihole server for adblocking. Overall, this works
>great, but I'm noticing that pihole groups all queries by client to a
>single MAC address, that of the dnsdist server. Is there a way to break
>this out before it goes to the pihole server?
>
>My dnsdist config:
>
>setLocal('10.150.33.102')
>addLocal('[2001:470:e1eb:33::102]:53')
>
>
>webserver("10.150.33.102:8083")
>setWebserverConfig({acl="10.150.0.0/8"})
>setWebserverConfig({password='$scrypt$ln=10,p=1,r=***='})
>
>addACL('10.150.0.0/8')
>addACL('2001:470:e1eb::0/48')
>
>setECSOverride(true)
>setECSSourcePrefixV4(32)
>
>newServer({address="10.150.33.5", name="ns1", pool="default", qps=1,
>useClientSubnet=true})
>newServer({address="10.150.33.6", name="ns2", qps=1, pool="default",
>useClientSubnet=true})
>newServer({address="10.150.33.7", name="ns3", pool="default", qps=1,
>useClientSubnet=true})
>
>
>newServer({address="10.150.33.15", name="ns1_auth", pool="auth",
>checkName="wapnet.local.lan"})
>newServer({address="2001:470:#", name="ns1_auth", pool="auth",
>checkName="wapnet.local.lan"})
>newServer({address="10.150.33.16", name="ns2_auth", pool="auth",
>checkName="wapnet.local.lan"})
>
>newServer({address="2001:470:#", name="ns1_auth", pool="auth",
>checkName="wapnet.local.lan"})
>newServer({address="10.150.33.17", name="ns3_auth", pool="auth",
>checkName="wapnet.local.lan"})
>newServer({address="2001:470:#", name="ns1_auth", pool="auth",
>checkName="wapnet.local.lan"})
>
>newServer({address="10.150.33.3:53", name="pihole", pool="pihole",
>useClientSubnet=true,checkInterval=3600})
>
>adblock_ips=newNMG()
>adblock_ips:addMask('10.150.222.0/24')
>adblock_ips:addMask('10.150.12.0/24')
>adblock_ips:addMask('10.150.11.0/24')
>adblock_ips:addMask('10.150.66.0/24')
>adblock_ips:addMask('2001:470:e1eb:66::/64')
>adblock_ips:addMask('10.150.100.0/24')
>adblock_ips:addMask('2001:470:e1eb:100::/64')
>adblock_ips:addMask('10.150.99.0/24')
>adblock_ips:addMask('10.150.33.1/32')
>adblock_ips:addMask('10.150.33.211/32')
>adblock_ips:addMask('10.150.33.212/32')
>addAction(NetmaskGroupRule(adblock_ips), PoolAction('pihole'))
>
>
>
>addAction({'wapnet.local.lan'}, PoolAction("auth"))
>
>
>addAction(AllRule(), PoolAction('default'))
>
>-- setServerPolicy(firstAvailable)
>setServerPolicy(whashed)
>
>
>
>*Larry G. Wapnitsky*
>
>
>*E: Larry at Wapnitsky.com*
>*Web: Larry.Wapnitsky.com <http://larry.wapnitsky.com/>*
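
Added example, not part of the original thread or of dnsdist: a small decoder for the EDNS Client Subnet option (RFC 7871), to check what client address and source prefix a query forwarded to the backend actually carries. The function names are hypothetical and the sample addresses are constructed inside the subnets from the quoted config.

```python
import ipaddress
import struct

ECS, OPT = 8, 41  # EDNS option code for Client Subnet (RFC 7871); OPT RR type
FAMILIES = {1: (4, ipaddress.IPv4Network), 2: (16, ipaddress.IPv6Network)}

def _skip_name(msg, off):
    """Return the offset just past a domain name (labels or a pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def extract_ecs(msg):
    """Return (network, scope_prefix) from a DNS message's ECS option, else None."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == OPT and pos + 4 <= len(rdata):
            code, olen = struct.unpack_from("!HH", rdata, pos)
            opt, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code == ECS and len(opt) >= 4:
                family, source, scope = struct.unpack_from("!HBB", opt, 0)
                if family not in FAMILIES:
                    return None
                size, net_cls = FAMILIES[family]
                addr = opt[4:].ljust(size, b"\0")[:size]  # address is sent truncated
                return net_cls((addr, source), strict=False), scope
    return None

def build_query(qname, client_ip, prefix):
    """Constructed sample input: an A query carrying ECS for client_ip/prefix."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    addr = net.network_address.packed[:(prefix + 7) // 8]
    ecs = struct.pack("!HBB", 1 if net.version == 4 else 2, prefix, 0) + addr
    opt = struct.pack("!HH", ECS, len(ecs)) + ecs
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\0"
    head = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    opt_rr = b"\0" + struct.pack("!HHIH", OPT, 1232, 0, len(opt)) + opt
    return head + name + struct.pack("!HH", 1, 1) + opt_rr
```

Pass `extract_ecs` the UDP payload of a query captured between dnsdist and the backend; a source prefix shorter than the full address length means several clients share one ECS network.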