views

Tony Finch dot at dotat.at
Wed Apr 19 09:37:50 UTC 2017


Alberto Rinaudo <alberto.rinaudo at gmail.com> wrote:

> I have a BIND installation on an AWS server and I'm trying to set up views
> to give different responses based on the source location.
>
> It works fine when this dns server is the first dns used by a client, I
> guess because the source address used to discriminate between views is the
> last hop.
>
> If the query goes first to google dns instead I end up in the wrong view.
>
> So here's the question: is it possible to use the original source address
> to choose the view?

This is what the EDNS client subnet option is about. You can use it in
BIND by adding "ecs" clauses to your address match lists for views or
acls. However it isn't documented in the ARM and it has significant
problems. See
https://kb.isc.org/article/AA-01432/0/BIND-9.11.0-Release-Notes.html
and especially
https://kb.isc.org/article/AA-01480/0/BIND-9.11.1rc3-Release-Notes.html

EDNS client subnet specification:
https://tools.ietf.org/html/rfc7871

Google Public DNS support for ECS on authoritative servers:
https://groups.google.com/forum/#!topic/public-dns-announce/67oxFjSLeUM

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Viking, North Utsire: Southwesterly 5 or 6, decreasing 4 at times. Slight or
moderate. Rain at times. Good, occasionally poor.
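
Added example, not part of the original message and not BIND's code: a Python sketch of how an authoritative server could validate the RFC 7871 client subnet option in a query and match it against per-view networks instead of the packet's source address. The names parse_ecs, select_view, VIEWS and SAMPLE_ECS, the view names and the sample bytes are assumptions made for illustration.

```python
import ipaddress
import struct

# FAMILY uses IANA address family numbers: 1 = IPv4, 2 = IPv6
NET_CLASSES = {1: (ipaddress.IPv4Network, 32), 2: (ipaddress.IPv6Network, 128)}

def parse_ecs(option_data):
    """Return the client subnet from the OPTION-DATA of an ECS option in a query.
    Raises ValueError when the option is malformed."""
    if len(option_data) < 4:
        raise ValueError("shorter than the fixed 4-octet header")
    family, source_len, scope_len = struct.unpack("!HBB", option_data[:4])
    address = option_data[4:]
    if family not in NET_CLASSES:
        raise ValueError("unsupported address family")
    net_class, max_bits = NET_CLASSES[family]
    if source_len > max_bits:
        raise ValueError("SOURCE PREFIX-LENGTH longer than the address")
    if scope_len != 0:
        raise ValueError("SCOPE PREFIX-LENGTH must be 0 in queries")
    # ADDRESS is truncated to the fewest octets that hold source_len bits
    if len(address) != (source_len + 7) // 8:
        raise ValueError("ADDRESS not truncated to SOURCE PREFIX-LENGTH")
    spare = len(address) * 8 - source_len
    if spare and address[-1] & ((1 << spare) - 1):
        raise ValueError("non-zero bits after the prefix")
    padded = address + bytes(max_bits // 8 - len(address))
    return net_class((int.from_bytes(padded, "big"), source_len))

def select_view(views, source_ip, ecs_option_data=None):
    """Name of the first view covering the ECS subnet, or covering the
    packet's source address when the query carries no ECS option."""
    if ecs_option_data is not None:
        # The subnet is supplied by whoever sent the query; it is not authenticated.
        client = parse_ecs(ecs_option_data)
    else:
        client = ipaddress.ip_network(source_ip)
    for name, net in views:
        if client.version == net.version and client.subnet_of(net):
            return name
    return "default"

# Constructed sample data: hypothetical views on documentation address ranges.
VIEWS = [("europe", ipaddress.ip_network("192.0.2.0/24")),
         ("asia", ipaddress.ip_network("198.51.100.0/24"))]
# family 1 (IPv4), source /24, scope 0, address 192.0.2.0 truncated to 3 octets
SAMPLE_ECS = bytes([0, 1, 24, 0, 192, 0, 2])
```

With SAMPLE_ECS attached, a query arriving from a resolver at 203.0.113.53 lands in the "europe" view; the same query without the option falls through to "default", which is the behaviour described in the question.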

