ECS-IP in the RPZ-Log?
Mark Andrews
marka at isc.org
Wed Oct 27 23:13:52 UTC 2021
Submit a issue at https://gitlab.isc.org/
> On 28 Oct 2021, at 01:00, Tom <lists at verreckte-cheib.ch> wrote:
>
> Hi
>
> Using BIND-9.16.21. I'm wondering, if it's possible to have the ECS client IP address in the RPZ log.
> In front of our BIND, which has an RPZ configuration, is a dnsdist, which inject the ECS-IP.
>
> BIND could log the ECS-IP with the builtin "querylog" (rndc querylog on). In the following example, the effective client-IP is 172.16.16.33/32, which is logged fine here:
> 27-Oct-2021 15:41:27.940 queries: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): query: example.ch IN A +E(0)K (127.0.0.1) [ECS 172.16.16.33/32/0]
>
>
> But in the RPZ log, I can correctly see only the dnsdist IP and not the one from the effective source (172.16.16.33):
> 27-Oct-2021 15:41:27.940 rpz: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): rpz QNAME NXDOMAIN rewrite example.ch/A/IN via example.ch.blacklist-rpz.test.local
>
> Is there a way to have/see the ECS-IP in the RPZ log?
>
> Many thanks.
> Kind regards,
> Tom
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list