[Pdns-users] LUA records when behind the recursor

Brian Candler b.candler at pobox.com
Sat Sep 29 12:42:17 UTC 2018

On 29/09/2018 13:17, Guillaume Rozan wrote:
> So I had to put the recursor in front of my auth server.
> Now that I query the recusor, which in turn queries the auth server on 
> my behalf, the original IP of the requestor is "lost" and such rules 
> do not work anymore.
It sounds like you want ECS, a.k.a. the EDNS Client Subnet option 
<https://tools.ietf.org/html/rfc7871.html>.  I've never used it myself, 
but it has been included in pdns-recursor for a while:


See the ecs-* options starting with:

Note that the default resolution is /24, i.e. you only get the top 24 
bits of the client IP address, but if you need more specific information 
you can change this setting (ecs-ipv4-bits)

I don't know how you'd make use of it in PowerDNS Authoritative, but 
hopefully it's passed through to your LUA function somehow.



More information about the Pdns-users mailing list