[Pdns-users] pdns-recursor ecs support config designs
Brian Candler
b.candler at pobox.com
Tue Nov 8 09:44:22 UTC 2022

On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote:
> The CDN services work correctly when a branch uses the ISP-assigned
> DNS for that specific branch/link. But as mentioned, it's difficult to
> manage these DNS entries when you have many branches across the world
> (180 sites with 2 different ISP links at each site). It would be much
> easier if we had a central recursor that could use ecs to determine
> geo-located services for each branch.

The central recursor would be able to see the source IP addresses of all
the clients, correct? Would it see the public (post NAT) or internal
address (e.g. site-to-site VPN)?

The recursor itself doesn't "use ecs" as such, but it could *pass* the
client's IP address via ecs to the authoritative servers. However,
whether the authoritative servers use that information or not is not
within your control. They may ignore it, and look at the source IP
address of the request only (i.e. the IP address of your recursor). In
which case, you're stuck.

In any case, getting clients to use a local DNS cache would be much
better for resilience and performance than routing all queries via a
central recursor.