On 8 Mar 2019, at 19:33, 神明達哉 wrote:

> +1.  It's very difficult for me to imagine how we can expect that two
> "heterogenous off-the-shelf software" products can be interoperable
> just because we have a standardized EDNS option code for opaque tags.
>
> For example, assume that an operator uses dnsdist as a DNS load
> balancer and BIND 9 as backend servers with RRL, and the operator
> wants to trust particular clients (identified by their IP addresses)
> and bypass RRL for them.  How can we expect off-the-shelf dnsdist and
> off-the-shelf BIND 9 to support this operation with the only assumption
> being that both of them support edns-tags?  Is there an implicit
> assumption that:
> - this version of off-the-shelf dnsdist happens to have a new
>   configuration option so it will add an edns-tag with setting bit X
>   when the client IP address matches a specified set of address list,
> - this version of off-the-shelf BIND 9 happens to have a new
>   configuration option to skip RRL if an incoming request contains an
>   edns-tag option with bit X on
> ?

Yes.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
