Deprecated DSCP support
Petr Špaček
pspacek at isc.org
Thu Feb 29 09:21:53 UTC 2024
On 28. 02. 24 13:50, Balazs Hinel (Nokia) via bind-users wrote:
> I am working on a product in Nokia, and we currently use BIND provided by Rocky Linux 8 with security patches. Recently the requirement came that we should upgrade to at least 9.16. During the testing of this version we realized that a feature we used, DSCP, has stopped working. Reading about the topic, we found the article about it being non-operational in 9.16 and its removal in 9.18.
>
> We also saw the email on this mailing list, stating that "so far, nobody has noticed" it is missing. Well, we noticed it just now, and I would like to state that our product and most probably other telecom equipment using BIND would miss it greatly. As I read in that mail, there was an alternative plan which would re-implement this functionality. If it is feasible, please consider doing it. The alternative options, e.g. setting it via iptables, cannot work in our use-case.
Could you please explain why it's not possible?
Maybe I'm naive, but something like
iptables -t mangle -A ... -p udp --dport 53 -j DSCP --set-dscp-class ...
seems like a sensible approach to me, and actually in the right place of
the networking stack.
We are hesitant to (re)introduce complexity and layering violations
without a rock-solid use case without existing alternatives.
--
Petr Špaček
Internet Systems Consortium