[Pdns-users] pdns-recursor ecs support config designs

Otto Moerbeek otto at drijf.net
Tue Nov 8 12:28:32 UTC 2022

On Tue, Nov 08, 2022 at 09:44:22AM +0000, Brian Candler via Pdns-users wrote:

> On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote:
> > The CDN services work correctly when a branch uses the ISP-assigned DNS
> > for that specific branch/link. But as mentioned, it's difficult to
> > manage these DNS entries when you have many branches across the world
> > (180 sites with 2 different ISP links at each site). It would be much
> > easier if we had a central recursor that could use ecs to determine
> > geo-located services for each branch.
> The central recursor would be able to see the source IP addresses of all the
> clients, correct?  Would it see the public (post NAT) or internal address
> (e.g. site-to-site VPN)?
> The recursor itself doesn't "use ecs" as such, but it could *pass* the
> client's IP address via ecs to the authoritative servers.  However, whether
> the authoritative servers use that information or not is not within your
> control.  They may ignore it, and look at the source IP address of the
> request only (i.e. the IP address of your recursor).  In which case, you're
> stuck.
> In any case, getting clients to use a local DNS cache would be much better
> for resilience and performance than routing all queries via a central
> recursor.

Agreed, running a local recursor per office is certainly something to consider.
If you run those yourself you are not/less dependent on ISP setups.
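
Added example, not part of the thread and not PowerDNS code: a Python encoding of the EDNS Client Subnet option (RFC 7871) that a resolver passes upstream for a given client. It shows the prefix truncation and why an internal source address (the site-to-site VPN case asked about above) gives an authoritative server nothing to geolocate. The 24/56-bit prefix lengths, the list of withheld ranges and the sample addresses are assumptions chosen for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

# Assumed policy: ranges that say nothing about a client's public location.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # CGNAT shared space
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]

def build_ecs_option(client_ip, v4_bits=24, v6_bits=56):
    """Return the ECS option bytes for client_ip, or None if it is withheld."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr.version == n.version and addr in n for n in NON_ROUTABLE):
        return None
    family, bits = (1, v4_bits) if addr.version == 4 else (2, v6_bits)
    # Zero the host bits, then send only as many bytes as the prefix needs.
    net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
    prefix = net.network_address.packed[:(bits + 7) // 8]
    body = struct.pack("!HBB", family, bits, 0) + prefix  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def parse_ecs_option(option):
    """Decode an ECS option into the subnet the receiving server would see."""
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_bits, _scope = struct.unpack("!HBB", option[4:8])
    size = 4 if family == 1 else 16
    packed = option[8:].ljust(size, b"\x00")  # restore the truncated bytes
    cls = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
    return cls((packed, source_bits))

if __name__ == "__main__":
    # Constructed sample clients: post-NAT public, VPN-internal, IPv6.
    for ip in ("203.0.113.77", "10.20.30.40", "2001:db8:1234:5678::1"):
        opt = build_ecs_option(ip)
        seen = parse_ecs_option(opt) if opt else "nothing (ECS withheld)"
        print(f"{ip:>24} -> authoritative server sees {seen}")
```

Even when the option is sent, the authoritative server decides whether to honour it, as noted in the quoted reply.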

