Encapsulating Requester IP in the DNS payload

Mark Andrews marka at isc.org
Tue Jul 18 21:58:56 UTC 2017

In message <CAN9uivGSnoW-JX6i8MYtACi8JspdOqN_0Xu_vHvvvfPcNwwhUg at mail.gmail.com>, Asher Collings writes:
> Hello everyone,
> Long time subscriber first time poster. I have a POC I'm working on where
> I'm trying to add the requesters internal IP into the DNS packet. There are
> posts everywhere stating that this is possible with edns but there are no
> howto's.
> I was wondering if anyone has tried to do this using bind 9.10 and if so
> what road blocks did you run into and were you finally able to do it? Most
> importantly if you did get this to work how?
> Thanks in advance for your time and information

You are looking for ECS (RFC 7871) support.  BIND has partial support.
Note: ECS has privacy issues.

BIND 9.11
	authoritative: geoip-use-ecs
	acl: ecs

The following is the official position on ECS recursive support in

Wed, 19 Apr 2017

We have implemented ECS for recursive queries in 9.10.5-S, the subscriber 
preview edition of BIND, which will be released today. For now, ECS recursion 
is available only to users with a support contract with ISC. Development of 
this feature was a significant effort, sponsored by an OEM user of BIND. As 
part of the agreement with the sponsor, we agreed to embargo the feature from 
the open source until 2018.

Victoria Risk
Internet Systems Consortium
vi... at isc.org

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list