[Pdns-users] LUA records when behind the recursor
Brian Candler
b.candler at pobox.com
Sat Sep 29 12:42:17 UTC 2018
On 29/09/2018 13:17, Guillaume Rozan wrote:
> So I had to put the recursor in front of my auth server.
> Now that I query the recursor, which in turn queries the auth server on
> my behalf, the original IP of the requestor is "lost" and such rules
> do not work anymore.

It sounds like you want ECS, a.k.a. the EDNS Client Subnet option
<https://tools.ietf.org/html/rfc7871.html>. I've never used it myself,
but it has been included in pdns-recursor for a while:

https://mailman.powerdns.com/pipermail/pdns-users/2015-November/011803.html

See the ecs-* options starting with:

https://doc.powerdns.com/recursor/settings.html#ecs-add-for

Note that the default resolution is /24, i.e. you only get the top 24
bits of the client IP address, but if you need more specific information
you can change this setting (ecs-ipv4-bits).

I don't know how you'd make use of it in PowerDNS Authoritative, but
hopefully it's passed through to your LUA function somehow.

HTH,
Brian.
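
Added example, not part of the original message and not PowerDNS code: a sketch of the RFC 7871 option wire format, showing what an authoritative server can recover from the client address at a /24 source prefix versus a longer one. The function names encode_ecs and decode_ecs are hypothetical, and the sample addresses are constructed from the documentation ranges.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS option code assigned to Client Subnet (RFC 7871)


def encode_ecs(client_ip, source_bits):
    """Return the ECS option bytes for client_ip truncated to source_bits."""
    addr = ipaddress.ip_address(client_ip)
    if not 0 <= source_bits <= addr.max_prefixlen:
        raise ValueError("source prefix length out of range")
    family = 1 if addr.version == 4 else 2  # 1 = IPv4, 2 = IPv6
    # strict=False zeroes every bit beyond the prefix, as the RFC requires.
    net = ipaddress.ip_network(f"{addr}/{source_bits}", strict=False)
    prefix = net.network_address.packed[:(source_bits + 7) // 8]
    # FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries), ADDRESS
    body = struct.pack("!HBB", family, source_bits, 0) + prefix
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option):
    """Return the network an authoritative server learns from an ECS option."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source_bits, _scope = struct.unpack("!HHHBB", option[:8])
    size = {1: 4, 2: 16}.get(family)
    if code != ECS_OPTION_CODE or length != len(option) - 4 or size is None:
        raise ValueError("not a well-formed ECS option")
    prefix = option[8:]
    if source_bits > size * 8 or len(prefix) != (source_bits + 7) // 8:
        raise ValueError("address length does not match source prefix length")
    addr = ipaddress.ip_address(prefix.ljust(size, b"\x00"))
    # strict=True rejects options with non-zero bits past the prefix.
    return ipaddress.ip_network(f"{addr}/{source_bits}", strict=True)


if __name__ == "__main__":
    # Constructed sample clients (documentation address ranges).
    for ip, bits in [("192.0.2.77", 24), ("192.0.2.77", 32), ("2001:db8::1", 56)]:
        opt = encode_ecs(ip, bits)
        print(f"{ip} /{bits}: {opt.hex()} -> server sees {decode_ecs(opt)}")
```

With a 24-bit source prefix the last octet of the client address never leaves the resolver, so per-host rules on the authoritative side can only match at subnet granularity.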