I understand CDN might need a change. What I don't understand is why
single recursive cache somewhere in the middle chain should serve
different names to its clients.
On 7/13/21 8:19 AM, Xinyu Wang wrote:
> Should authoritative servers reply different way to each recursive
> server IP?
>
>
[ Classification Level: GENERAL BUSINESS ]
I've done the match-destinations/query-source thing before, but in addition
to that, it should theoretically be possible to also use a shared cache
between the views, via attach-cache. I've never played with that directive
myself, however.
Should authoritative servers reply different way to each recursive
server IP?
--sometimes, yes. especially the FQDN is using CDN.
How would be served content different? Is there reason, why remote
authoritative server changes replies based on source IP?
--again, I'll explain this based on CDN
Should authoritative servers reply different way to each recursive
server IP?
I think whatever tweaks needs to be done, they should be done on
recursive server. Whether using secondary zones or RPZ manipulation, but
I think it should not make difference to other servers in chain.
How would be
Hi Petr,
Thanks for your reply.
I was doing this because sometimes the recursive DNS has multiple IP
addresses, meanwhile ECS is not supported by a recursive BIND.
So, let's say the recursive has 2 IPs, and they are in different views on
the authoritative DNS of a certain domain.
In this case,
Hi Xinyu.
Why would you need client-facing IP address to appear on authoritative
servers? It should be more or less independent.
I think it might be possible to use views and match-destination combined
with query-source for each view. But it seems similar to running
separate bind instances. I
Hi Xinyu,
What matters is the kernel routing table for the addresses of the remote
servers. The query source address can specified by config, but the kernel will
choose which interface to use.
Maybe you can put each interface into their own routing table? How to do this
is OS dependent,
No. If you want to do that then you will need to run 3 instances.
> On 8 Jul 2021, at 17:08, Xinyu Wang wrote:
>
> Hi guys,
>
> Is it possible to make a recursive BIND send queries to authorities from the
> interface which the original query was sent to.
>
> For instance,
> the recursive
Hi guys,
Is it possible to make a recursive BIND send queries to authorities from
the interface which the original query was sent to.
For instance,
the recursive BIND is listening 3 interfaces, they are 1.1.1.1, 1.1.1.2,
and 1.1.1.3
when a recusive query arrived at 1.1.1.1, then BIND use
9 matches
Mail list logo
