On 29/09/2018 13:17, Guillaume Rozan wrote:
> So I had to put the recursor in front of my auth server.
> Now that I query the recursor, which in turn queries the auth server on
> my behalf, the original IP of the requestor is "lost" and such rules
> do not work anymore.

It sounds like you want ECS, a.k.a. the EDNS Client Subnet option
<https://tools.ietf.org/html/rfc7871.html>. I've never used it myself,
but it has been included in pdns-recursor for a while:

https://mailman.powerdns.com/pipermail/pdns-users/2015-November/011803.html

See the ecs-* options starting with:

https://doc.powerdns.com/recursor/settings.html#ecs-add-for

Note that the default resolution is /24, i.e. you only get the top 24
bits of the client IP address, but if you need more specific information
you can change this setting (ecs-ipv4-bits).

I don't know how you'd make use of it in PowerDNS Authoritative, but
hopefully it's passed through to your LUA function somehow.

HTH,

Brian.
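
An added example, not part of the original message and not PowerDNS code: a Python sketch of the RFC 7871 option layout, showing what subnet the authoritative side can recover at the default /24 versus a longer ecs-ipv4-bits value. The function names are hypothetical and the client addresses are constructed documentation addresses.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8        # EDNS option code for Client Subnet (RFC 7871)
FAMILY = {4: 1, 6: 2}      # address family numbers: 1 = IPv4, 2 = IPv6
FAMILY_SIZE = {1: 4, 2: 16}


def build_ecs_option(client_ip, source_bits):
    """Encode the ECS option a resolver would attach for client_ip."""
    # strict=False zeroes every bit past the prefix, as the RFC requires.
    net = ipaddress.ip_network(f"{client_ip}/{source_bits}", strict=False)
    # Only the octets needed to hold source_bits are sent on the wire.
    addr_bytes = net.network_address.packed[: (source_bits + 7) // 8]
    # FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in a query)
    body = struct.pack("!HBB", FAMILY[net.version], source_bits, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option):
    """Decode an ECS option into the subnet visible to the receiver."""
    if len(option) < 8:
        raise ValueError("truncated ECS option")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_bits, _scope = struct.unpack("!HBB", option[4:8])
    size = FAMILY_SIZE.get(family)
    if size is None:
        raise ValueError("unknown address family")
    addr_bytes = option[8:]
    if source_bits > size * 8 or len(addr_bytes) != (source_bits + 7) // 8:
        raise ValueError("address length does not match prefix length")
    addr = ipaddress.ip_address(addr_bytes + bytes(size - len(addr_bytes)))
    # strict=True raises ValueError when bits after the prefix are set.
    return ipaddress.ip_network(f"{addr}/{source_bits}", strict=True)


if __name__ == "__main__":
    client = "203.0.113.77"  # constructed sample client address
    for bits in (24, 32):
        wire = build_ecs_option(client, bits)
        print(bits, wire.hex(), parse_ecs_option(wire))
```

At /24 the last octet of the client address never leaves the resolver, so per-host rules on the authoritative side can only match the subnet.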