[Pdns-users] Fwd: LUA records when behind the recursor

Guillaume Rozan grozan.pub at gmail.com
Thu Oct 4 18:56:32 UTC 2018


Hi,

thanks a lot for your suggestion.
I tried and I'm happy to report that it indeed solved the problem :-)

For the record, and in case it could help someone else, as I want LUA
records working at the client IP level of granularity, for all my LAN
clients (subnet 10.0.0.0/8) for the 'home' zone, I added the following in
recursor.conf:
ecs-ipv4-bits=32
ecs-add-for=10.100.0.0/16
edns-subnet-whitelist=home

When you do that, you see the extra info attached to the requests in the
logs. Still no effect, though.
For the auth server to actually use that info, add the following in
pdns.conf:
edns-subnet-processing=yes

and it starts to work!
Thanks again

Guillaume


On Sat, Sep 29, 2018 at 2:48 PM Brian Candler <b.candler at pobox.com> wrote:

> On 29/09/2018 13:42, Brian Candler wrote:
> > Note that the default resolution is /24, i.e. you only get the top 24
> > bits of the client IP address, but if you need more specific
> > information you can change this setting (ecs-ipv4-bits)
>
> But beware that setting it too fine will have a big negative impact on
> your DNS cache - since it'll have to make and store separate recursive
> queries for clients within each range.
>
> Also, make sure edns-subnet-whitelist contains only your own domains or
> authoritative server IPs, so that general web browsing does not make
> separate queries for each client subnet.
>
>
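Added example, not part of the original thread and not PowerDNS code: a simplified Python model of how the three recursor settings above decide which queries carry a client subnet, and how ecs-ipv4-bits and the whitelist change the number of separate answers the recursor has to fetch and cache. The client addresses, query names and the extra "com" whitelist entry are constructed for illustration.

```python
import ipaddress


def ecs_scope(client_ip, qname, bits, add_for, whitelist_domains):
    """Return the subnet sent upstream as ECS, or None if no ECS is attached.

    Simplified model of the settings discussed in the thread (assumption:
    whitelist entries are treated as domain suffixes only).
    """
    addr = ipaddress.ip_address(client_ip)
    # ecs-add-for: only clients inside these netmasks get ECS attached.
    if not any(addr in ipaddress.ip_network(n) for n in add_for):
        return None
    # edns-subnet-whitelist: only these zones (and names below them) get ECS.
    name = qname.rstrip(".").lower()
    if not any(name == d or name.endswith("." + d) for d in whitelist_domains):
        return None
    # ecs-ipv4-bits: truncate the client address to this prefix length.
    return ipaddress.ip_network(f"{client_ip}/{bits}", strict=False)


def cache_partitions(queries, bits, add_for, whitelist_domains):
    """Count distinct (qname, ECS subnet) pairs: separate answers to cache."""
    keys = set()
    for client_ip, qname in queries:
        scope = ecs_scope(client_ip, qname, bits, add_for, whitelist_domains)
        keys.add((qname.lower(), scope))
    return len(keys)


# Constructed sample queries: (client IP, query name).
QUERIES = [
    ("10.100.1.10", "nas.home"),
    ("10.100.1.11", "nas.home"),
    ("10.100.2.20", "nas.home"),
    ("10.200.0.5", "nas.home"),        # outside ecs-add-for, no ECS sent
    ("10.100.1.10", "www.example.com"),
    ("10.100.2.20", "www.example.com"),
]
ADD_FOR = ["10.100.0.0/16"]
WHITELIST = ["home"]

if __name__ == "__main__":
    for bits in (24, 32):
        print(f"ecs-ipv4-bits={bits}:",
              cache_partitions(QUERIES, bits, ADD_FOR, WHITELIST), "cache entries")
    # An over-broad whitelist also splits general browsing per client.
    print("whitelist home,com at /32:",
          cache_partitions(QUERIES, 32, ADD_FOR, ["home", "com"]), "cache entries")
```

With the whitelist limited to 'home', only that zone is split per client; widening the whitelist makes unrelated names multiply in the cache as well.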