Encapsulating Requester IP in the DNS payload
Mark Andrews
marka at isc.org
Tue Jul 18 21:58:56 UTC 2017
In message <CAN9uivGSnoW-JX6i8MYtACi8JspdOqN_0Xu_vHvvvfPcNwwhUg at mail.gmail.com>, Asher Collings writes:
>
> Hello everyone,
>
> Long time subscriber first time poster. I have a POC I'm working on where
> I'm trying to add the requesters internal IP into the DNS packet. There are
> posts everywhere stating that this is possible with edns but there are no
> howto's.
>
> I was wondering if anyone has tried to do this using bind 9.10 and if so
> what road blocks did you run into and were you finally able to do it? Most
> importantly if you did get this to work how?
>
> Thanks in advance for your time and information
You are looking for ECS (RFC 7871) support. BIND has partial support.
Note: ECS has privacy issues.
BIND 9.11
named:
authoritative: geoip-use-ecs
acl: ecs
dig:
+subnet
The following is the official position on ECS recursive support in
named:
Wed, 19 Apr 2017
We have implemented ECS for recursive queries in 9.10.5-S, the subscriber
preview edition of BIND, which will be released today. For now, ECS recursion
is available only to users with a support contract with ISC. Development of
this feature was a significant effort, sponsored by an OEM user of BIND. As
part of the agreement with the sponsor, we agreed to embargo the feature from
the open source until 2018.
Victoria Risk
Internet Systems Consortium
vi... at isc.org
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list