views

[Nico CARTRON]

Hi Grant,

On 19-Apr-2017 15:59 BST, <bind-users at lists.isc.org> wrote:

> On 04/19/2017 03:37 AM, Tony Finch wrote:
> > This is what the EDNS client subnet option is about. You can use it in
> > BIND by adding "ecs" clauses to your address match lists for views or
> > acls. However it isn't documented in the ARM and it has significant
> > problems. See
> > https://kb.isc.org/article/AA-01432/0/BIND-9.11.0-Release-Notes.html
> > and especially
> > https://kb.isc.org/article/AA-01480/0/BIND-9.11.1rc3-Release-Notes.html
> 
> The only occurrences I found for "ecs" on the two release notes didn't
> include more details about how to configure views to use it.  

As pointed out by Tony, it is not document in the ARM, so you need to dig a
little bit :)

Googling a little, you'll find things such as:

acl ecs-area01 { ecs 192.168.164.0/24; }
acl no-ecs-area01 { 192.168.164.0/24; };

and then you can use these ACLs as part of your DNS views.

> Nor did I see
> details on how to have BIND send ECS with queries when it's a recursive
> server.  

As far as I know, ECS for Recursive queries is not yet implemented by ISC, or
at least it is not publicly available.

> I'd also like to see if it's possible to have dig send ECS info.

+edns / +noedns , but you'll need a recent dig version.

Cheers,

-- 
Nico