Syntax for ECS ACL Entry
Evan Hunt
each at isc.org
Thu Sep 2 18:42:38 UTC 2021
On Thu, Sep 02, 2021 at 02:26:59PM -0400, Ryan McGuire wrote:
> Thank you, in my searching I failed to come across that.
>
> Do you know if it's been replaced by something more "practical to
> deploy"? I found some discussion regarding support for "The PROXY
> Protocol" (https://www.haproxy.org/download/2.2/doc/proxy-protocol.txt)
> but I don't believe it's planned. This seems like such a common
> scenario, I'm surprised the support that was there was removed but not
> replaced by anything. I suppose it is open-source software and I'm free
> to port it into 9.16, but this isn't a big enough problem for me
> personally to justify the time spent.
We do have support for recursive ECS processing in the special-sauce
version of BIND we charge money for, but there hasn't been enough demand
for support on the authoritiatve side to make it worth the development
effort so far. But I would encourage you to put in a feature request
with details about your use case, and we'll consider it in the future.
Unfortunately, the older auth support was terribly space-inefficient,
and also didn't comply with the RFC, so it kind of had to go.
I'm not sure which of the open-source auth servers currently have ECS
support. PowerDNS maybe? And a quick google search just suggested one
called gdnsd, which I hadn't heard of before.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list