[Pdns-users] pdns-recursor ecs support config designs

Robby Pedrica rpedrica at gmail.com
Tue Nov 8 13:12:08 UTC 2022


Hi Brian

Understood re. "use ecs" vs "pass" = semantic error on my side.

And yes, a local per branch recursor would be better but we have to take
installation/operational management overhead into account for doing this at
a lot of sites; as well, we're trying to move away from local
infrastructure.

I have a loaded config for table-based proxy mapping now via a
lua-config-file entry - busy testing ...

On an unrelated note (although it would certainly help with above
troubleshooting), I'm running the pdns-recursor docker image via:

powerdns/pdns-recursor-48:latest

And there doesn't seem to be any logging inside the container - am I
missing something?

Regards, Robby

On Tue, 8 Nov 2022 at 11:44, Brian Candler <b.candler at pobox.com> wrote:

> On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote:
>
> > The CDN services work correctly when a branch uses the ISP-assigned
> > DNS for that specific branch/link. But as mentioned, it's difficult to
> > manage these DNS entries when you have many branches across the world
> > (180 sites with 2 different ISP links at each site). It would be much
> > easier if we had a central recursor that could use ecs to determine
> > geo-located services for each branch.
>
> The central recursor would be able to see the source IP addresses of all
> the clients, correct?  Would it see the public (post NAT) or internal
> address (e.g. site-to-site VPN)?
>
> The recursor itself doesn't "use ecs" as such, but it could *pass* the
> client's IP address via ecs to the authoritative servers.  However,
> whether the authoritative servers use that information or not is not
> within your control.  They may ignore it, and look at the source IP
> address of the request only (i.e. the IP address of your recursor).  In
> which case, you're stuck.
>
> In any case, getting clients to use a local DNS cache would be much
> better for resilience and performance than routing all queries via a
> central recursor.
>
>

-- 
Robby Pedrica
XStore
c: +27 82 416 8696
f: +27 86 538 5810
m: rpedrica at xstore.co.za
w: http://wwww.xstore.co.za/
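
Added example, not part of the original thread and not PowerDNS code: what "passing the client's IP address via ecs" puts on the wire (the RFC 7871 option), and why it matters whether the recursor sees an internal or a public address. `SITE_MAP`, `mapped_source` and the addresses are constructed for illustration; the table only stands in for the idea of a source-address mapping and does not reproduce the recursor's own configuration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet, RFC 7871

# Constructed sample: internal site subnets -> the site's public address.
SITE_MAP = {"10.20.30.0/24": "203.0.113.77"}

def mapped_source(client_ip: str, site_map: dict[str, str] = SITE_MAP) -> str:
    """Return the address to advertise for client_ip (hypothetical mapping)."""
    addr = ipaddress.ip_address(client_ip)
    for subnet, public in site_map.items():
        if addr in ipaddress.ip_network(subnet):
            return public
    return client_ip

def build_ecs_option(client_ip: str, source_prefix: int) -> bytes:
    """Encode the ECS option carrying client_ip truncated to source_prefix bits."""
    addr = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix <= addr.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    family = 1 if addr.version == 4 else 2
    # Zero the host bits, then send only the bytes the prefix covers.
    net = ipaddress.ip_network(f"{addr}/{source_prefix}", strict=False)
    addr_bytes = net.network_address.packed[: (source_prefix + 7) // 8]
    body = struct.pack("!HBB", family, source_prefix, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def parse_ecs_option(option: bytes) -> tuple[str, int]:
    """Decode an ECS option into (subnet, scope prefix); reject malformed input."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source_prefix, scope_prefix = struct.unpack(
        "!HHHBB", option[:8])
    size = {1: 4, 2: 16}.get(family)
    raw = option[8:]
    if code != ECS_OPTION_CODE or length != len(option) - 4 or size is None:
        raise ValueError("not a well-formed ECS option")
    if source_prefix > size * 8 or len(raw) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix")
    ip = ipaddress.ip_address(raw.ljust(size, b"\x00"))
    # strict=True rejects non-zero bits beyond the prefix (ValueError).
    return str(ipaddress.ip_network(f"{ip}/{source_prefix}", strict=True)), scope_prefix
```

An authoritative server that honours ECS geolocates on the decoded subnet, so an unmapped `10.20.30.0/24` tells it nothing about the branch, while the mapped public address does.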