ECS-IP in the RPZ-Log?

Tom lists at verreckte-cheib.ch
Wed Oct 27 14:00:34 UTC 2021


Hi

Using BIND-9.16.21. I'm wondering if it's possible to have the ECS client IP address in the RPZ log.
In front of our BIND, which has an RPZ configuration, is a dnsdist, which injects the ECS-IP.

BIND could log the ECS-IP with the builtin "querylog" (rndc querylog on). In the following example, the effective client IP is 172.16.16.33/32, which is logged fine here:

27-Oct-2021 15:41:27.940 queries: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): query: example.ch IN A +E(0)K (127.0.0.1) [ECS 172.16.16.33/32/0]


But in the RPZ log, I can correctly see only the dnsdist IP and not the one from the effective source (172.16.16.33):

27-Oct-2021 15:41:27.940 rpz: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): rpz QNAME NXDOMAIN rewrite example.ch/A/IN via example.ch.blacklist-rpz.test.local

Is there a way to have/see the ECS-IP in the RPZ log?

Many thanks.
Kind regards,
Tom
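The two log lines in the post share the same client handle (@0x7f3db81aa0f8), the same peer address and port (127.0.0.1#44353), the same qname and the same timestamp, which is enough to join the ECS option from the querylog onto the RPZ hit after the fact. The script below is an added example and not code from the post or from BIND; it assumes querylog and RPZ entries are written in the formats shown above, and the sample log lines are constructed (the second pair is a query without an ECS option, to show the no-match case). Because the client handle is a reused memory address, the join also requires the two timestamps to lie within a short window.

```python
"""Join BIND querylog entries (which carry the ECS option) onto RPZ log entries.

Added example: not part of the bind-users post or of BIND itself. Assumes the
line formats quoted in the post (BIND 9.16 querylog and rpz categories).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input modelled on the post's two lines, plus one query
# that arrived without an ECS option so the enrichment has nothing to add.
QUERYLOG = """\
27-Oct-2021 15:41:27.940 queries: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): query: example.ch IN A +E(0)K (127.0.0.1) [ECS 172.16.16.33/32/0]
27-Oct-2021 15:41:28.100 queries: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.org): query: example.org IN A +E(0)K (127.0.0.1)
"""
RPZLOG = """\
27-Oct-2021 15:41:27.940 rpz: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): rpz QNAME NXDOMAIN rewrite example.ch/A/IN via example.ch.blacklist-rpz.test.local
27-Oct-2021 15:41:28.101 rpz: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.org): rpz QNAME NXDOMAIN rewrite example.org/A/IN via example.org.blacklist-rpz.test.local
"""

TS_RE = r"(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
CLIENT_RE = (r"client @(?P<ptr>0x[0-9a-fA-F]+) (?P<peer>\S+#\d+) "
             r"\((?P<qname>[^)]+)\):")
QUERY_RE = re.compile(
    TS_RE + r" queries: info: " + CLIENT_RE +
    r" query: \S+ IN (?P<qtype>\S+) \S+ \(\S+\)(?: \[ECS (?P<ecs>[^\]]+)\])?")
RPZ_RE = re.compile(
    TS_RE + r" rpz: info: " + CLIENT_RE +
    r" rpz (?P<trigger>\S+) (?P<policy>\S+) rewrite (?P<rr>\S+) via (?P<via>\S+)")


def _parse_ts(text):
    return datetime.strptime(text, "%d-%b-%Y %H:%M:%S.%f")


def index_querylog(text):
    """Map (client handle, peer addr#port, qname) -> [(timestamp, ecs or None)]."""
    index = defaultdict(list)
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # not a querylog line in the expected format
        index[(m["ptr"], m["peer"], m["qname"])].append((_parse_ts(m["ts"]), m["ecs"]))
    return index


def enrich_rpz_events(querylog_text, rpzlog_text, window=timedelta(seconds=1)):
    """Return one dict per RPZ hit, with the ECS string from the matching query or None."""
    index = index_querylog(querylog_text)
    events = []
    for line in rpzlog_text.splitlines():
        m = RPZ_RE.match(line)
        if not m:
            continue
        ts = _parse_ts(m["ts"])
        key = (m["ptr"], m["peer"], m["qname"])
        # The @0x... handle is a reused address, so require the querylog entry
        # to fall within `window` of the RPZ hit and take the closest one.
        candidates = [(abs(qts - ts), ecs) for qts, ecs in index.get(key, ())
                      if abs(qts - ts) <= window]
        ecs = min(candidates, key=lambda c: c[0])[1] if candidates else None
        events.append({"ts": m["ts"], "ptr": m["ptr"], "peer": m["peer"],
                       "qname": m["qname"], "trigger": m["trigger"],
                       "policy": m["policy"], "rr": m["rr"], "via": m["via"],
                       "ecs": ecs})
    return events


def format_event(ev):
    """Re-emit the RPZ line with the ECS option appended, mirroring the querylog style."""
    base = (f"{ev['ts']} rpz: info: client @{ev['ptr']} {ev['peer']} ({ev['qname']}): "
            f"rpz {ev['trigger']} {ev['policy']} rewrite {ev['rr']} via {ev['via']}")
    return base + (f" [ECS {ev['ecs']}]" if ev["ecs"] else "")


if __name__ == "__main__":
    for ev in enrich_rpz_events(QUERYLOG, RPZLOG):
        print(format_event(ev))
```

This is a post-processing workaround rather than a BIND feature: it needs querylog enabled (which is verbose on a busy resolver) and it only recovers the ECS prefix dnsdist forwarded, so the attribution is exactly as good as the querylog entry it is joined to.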

