bring clientip to the authoritative server
Petr Špaček
pspacek at isc.org
Thu Apr 17 08:30:05 UTC 2025
On 4/16/25 19:02, Duan Duan via bind-users wrote:
> Hey Guys,
>
> I have a cache, which can cache the client's domain name request and
> forward the client ip to my bind authority service in the form of ecs to
> hit views.
>
> But I know that after bind 9.13, authoritative ecs functionality is not
> supported.
>
> So I've been unable to upgrade the bind version.
>
> What else can I do to forward the client ip to my authoritative bind and
> hit view based on acl?
>
> PPV2 seems to be a solution direction, it can bring real client ip to
> authoritative bind server and hit views.
>
> But PPV2 seems to be an experimental function as well?
It's a new feature so it is marked experimental until we get enough
experience with it, but as far as I know there are no known bugs.
> Is there any other way? Can you give me a suggestion?
PROXY v2 protocol is the right feature to use for this.
See allow-proxy statement in named.conf:
https://bind9.readthedocs.io/en/v9.20.8/reference.html#namedconf-statement-allow-proxy
--
Petr Špaček
Internet Systems Consortium
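
The trust decision that allow-proxy expresses, as an added example (not part of the original message and not BIND's code): the address carried in a PROXY v2 header is used for view matching only when the header comes from a listed proxy. The function names, addresses and view names are assumptions made for illustration.

```python
import ipaddress, socket, struct

# Model only; this is not how named implements PROXY v2 or views.
SIG = b"\r\n\r\n\x00\r\nQUIT\n"          # fixed 12-byte PROXY v2 signature
ADDR_LEN = {0x1: (socket.AF_INET, 4), 0x2: (socket.AF_INET6, 16)}

def parse_proxy_v2(data):
    """Return (client_ip, header_length); client_ip is None for a LOCAL header."""
    if len(data) < 16 or data[:12] != SIG:
        raise ValueError("no PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0xF > 1:
        raise ValueError("bad version or command")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    if ver_cmd & 0xF == 0:                # LOCAL: proxy's own traffic, no client address
        return None, 16 + length
    if fam_proto >> 4 not in ADDR_LEN:
        raise ValueError("unsupported address family")
    family, alen = ADDR_LEN[fam_proto >> 4]
    if length < 2 * alen + 4:             # src addr + dst addr + two ports
        raise ValueError("address block too short")
    return socket.inet_ntop(family, data[16:16 + alen]), 16 + length

def effective_client(peer_ip, data, allow_proxy):
    """Address to use for view matching, or None if the query must be dropped."""
    trusted = any(ipaddress.ip_address(peer_ip) in ipaddress.ip_network(n) for n in allow_proxy)
    if not trusted:
        return None                       # header from an unlisted sender is never honoured
    try:
        client_ip, _ = parse_proxy_v2(data)
    except ValueError:
        return None
    return client_ip or peer_ip           # LOCAL header: fall back to the real peer

def select_view(client_ip, views):
    """First-match selection over an ordered list of (view_name, [networks])."""
    addr = ipaddress.ip_address(client_ip)
    for name, nets in views:
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None

# Constructed sample: the cache at 192.0.2.10 relays a query from client 203.0.113.7.
SAMPLE = (SIG + bytes([0x21, 0x12]) + struct.pack("!H", 12)
          + socket.inet_aton("203.0.113.7") + socket.inet_aton("192.0.2.53")
          + struct.pack("!HH", 40000, 53))
VIEWS = [("customers", ["203.0.113.0/24"]), ("default", ["0.0.0.0/0"])]  # hypothetical views
```

Keeping the allow-proxy list down to the cache's own address matters because any sender on that list can present whatever client address it likes to the view ACLs.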