Recognizing remote IP in shared connections
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Feb 28 14:26:25 UTC 2017
On 28.02.17 14:35, Job wrote:
>for policies purpuose, we need to know which remote site is resolving a Bind 9.x public DNS Server.
>The problem occurs when some carriers "share" the same IP address between more customers and they surf behind a shared NAT.
>
>Is there a way? Perhaps with DNS crypt o dnssec?
not with dnssed. You can configure DNS client and DNS server to communicate
using encryption (and thus verifying each other), but in such case, VPN is
much better to achieve whatever you want.
Otherwise, you can not do that. DNS servers don't give* information about
clients they are forwarding for. Neither do DNS clients say that.
Also - since the DNS uses caching, answer provided to a remote client would
be provided to multipld DNS clients accessing the cache.
*To be more precise, there IS an extension to indicate clients subnet but
it's not usable for this purpose.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.
More information about the bind-users
mailing list