Hi, thanks a lot for your suggestion. I tried and I'm happy to report that it indeed solved the problem :-)
For the record, and in case it could help someone else, as I want LUA records working at the client IP level of granularity, for all my LAN clients (subnet 10.0.0.0/8) for the 'home' zone, I added the following in recursor.conf: ecs-ipv4-bits=32 ecs-add-for=10.100.0.0/16 edns-subnet-whitelist=home When you do that, you see the extra info attached to the requests in the logs. Still no effect, though. For the auth server to actually use that info, add the following in pdns.conf: edns-subnet-processing=yes and it starts to work! Thanks again Guillaume On Sat, Sep 29, 2018 at 2:48 PM Brian Candler <[email protected]> wrote: > On 29/09/2018 13:42, Brian Candler wrote: > > Note that the default resolution is /24, i.e. you only get the top 24 > > bits of the client IP address, but if you need more specific > > information you can change this setting (ecs-ipv4-bits) > > But beware that setting it too fine will have a big negative impact on > your DNS cache - since it'll have to make and store separate recursive > queries for clients within each range. > > Also, make sure edns-subnet-whitelist contains only your own domains or > authoritative server IPs, so that general web browsing does not make > separate queries for each client subnet. > >
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
