[Pdns-users] LUA records when behind the recursor
b.candler at pobox.com
Sat Sep 29 12:42:17 UTC 2018
On 29/09/2018 13:17, Guillaume Rozan wrote:
> So I had to put the recursor in front of my auth server.
> Now that I query the recusor, which in turn queries the auth server on
> my behalf, the original IP of the requestor is "lost" and such rules
> do not work anymore.
It sounds like you want ECS, a.k.a. the EDNS Client Subnet option
<https://tools.ietf.org/html/rfc7871.html>. I've never used it myself,
but it has been included in pdns-recursor for a while:
See the ecs-* options starting with:
Note that the default resolution is /24, i.e. you only get the top 24
bits of the client IP address, but if you need more specific information
you can change this setting (ecs-ipv4-bits)
I don't know how you'd make use of it in PowerDNS Authoritative, but
hopefully it's passed through to your LUA function somehow.
More information about the Pdns-users