[dnsdist] MAC addresses being grouped downstream
Larry Wapnitsky
larry at wapnitsky.com
Sat Jun 3 14:32:26 UTC 2023
I've already configured ECS, as you can suggested, in my existing
configuration, but that's not working
*Larry G. Wapnitsky*
*E: Larry at Wapnitsky.com*
*Web: Larry.Wapnitsky.com <http://larry.wapnitsky.com/>*
On Sat, Jun 3, 2023 at 3:00 AM Larry Wapnitsky <larry at wapnitsky.com> wrote:
> I'm using dnsdist to route my clients based on subnet as to whether or not
> they should be using my pihole server for adblocking. Overall, this works
> great, but I"m noticing that pihole groups all queries by client to a
> single MAC address, that of the dnsdist server. Is there a way to break
> this out before it goes to the pihole server?
>
> My dnsdist config:
>
> setLocal('10.150.33.102')
> addLocal('[2001:470:e1eb:33::102]:53')
>
>
> webserver("10.150.33.102:8083")
> setWebserverConfig({acl="10.150.0.0/8"})
> setWebserverConfig({password='$scrypt$ln=10,p=1,r=***='})
>
> addACL('10.150.0.0/8')
> addACL('2001:470:e1eb::0/48')
>
> setECSOverride(true)
> setECSSourcePrefixV4(32)
>
> newServer({address="10.150.33.5", name="ns1", pool="default", qps=1,
> useClientSubnet=true})
> newServer({address="10.150.33.6", name="ns2", qps=1, pool="default",
> useClientSubnet=true})
> newServer({address="10.150.33.7", name="ns3", pool="default", qps=1,
> useClientSubnet=true})
>
>
> newServer({address="10.150.33.15", name="ns1_auth", pool="auth",
> checkName="wapnet.local.lan"})
> newServer({address="2001:470:#", name="ns1_auth", pool="auth",
> checkName="wapnet.local.lan"})
> newServer({address="10.150.33.16", name="ns2_auth", pool="auth",
> checkName="wapnet.local.lan"})
>
> newServer({address="2001:470:#", name="ns1_auth", pool="auth",
> checkName="wapnet.local.lan"})
> newServer({address="10.150.33.17", name="ns3_auth", pool="auth",
> checkName="wapnet.local.lan"})
> newServer({address="2001:470:#", name="ns1_auth", pool="auth",
> checkName="wapnet.local.lan"})
>
> newServer({address="10.150.33.3:53", name="pihole", pool="pihole",
> useClientSubnet=true,checkInterval=3600})
>
> adblock_ips=newNMG()
> adblock_ips:addMask('10.150.222.0/24')
> adblock_ips:addMask('10.150.12.0/24')
> adblock_ips:addMask('10.150.11.0/24')
> adblock_ips:addMask('10.150.66.0/24')
> adblock_ips:addMask('2001:470:e1eb:66::/64')
> adblock_ips:addMask('10.150.100.0/24')
> adblock_ips:addMask('2001:470:e1eb:100::/64')
> adblock_ips:addMask('10.150.99.0/24')
> adblock_ips:addMask('10.150.33.1/32')
> adblock_ips:addMask('10.150.33.211/32')
> adblock_ips:addMask('10.150.33.212/32')
> addAction(NetmaskGroupRule(adblock_ips), PoolAction('pihole'))
>
>
>
> addAction({'wapnet.local.lan'}, PoolAction("auth"))
>
>
> addAction(AllRule(), PoolAction('default'))
>
> -- setServerPolicy(firstAvailable)
> setServerPolicy(whashed)
>
>
>
> *Larry G. Wapnitsky*
>
>
> *E: Larry at Wapnitsky.com*
> *Web: Larry.Wapnitsky.com <http://larry.wapnitsky.com/>*
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20230603/f8a4777d/attachment.htm>
More information about the dnsdist
mailing list