git.ipfire.org Git - thirdparty/pdns.git/commit
auth: Trust EDNS Client Subnet from a trusted notification proxy 4214/head
author Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 20 Jul 2016 13:59:49 +0000 (15:59 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 20 Jul 2016 14:10:25 +0000 (16:10 +0200)
commit a94fe494fb28b1bed101404977eff53fd90bccc3
tree 2cd38be02df2e431cd4f041db1fad6492e7870c2
parent a466a4168ee0a215ad220fb2ada1532e30121817
auth: Trust EDNS Client Subnet from a trusted notification proxy

This allows for example the use of dnsdist in front of supermaster
slaves.
dnsdist must be configured to send ECS to the backend with:
* `useClientSubnet=true` on the corresponding `newServer()`
* `setECSSourcePrefixV4(32)` and/or `setECSSourcePrefixV6(128)` so
the exact source is sent to the slave
* `setECSOverride(true)` so that any existing ECS information is
overridden

In addition, pdns must be configured to accept notification from
dnsdist with `trusted-notification-proxy` and to process ECS with
`edns-subnet-processing=yes`.
pdns/packethandler.cc
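
The trust decision the commit message describes, sketched in Python as an added example; it is not code from this commit or from pdns/packethandler.cc. The function names, the documentation-range addresses and the rule of ignoring ECS that is not an exact /32 or /128 are assumptions of the example.

```python
import ipaddress
import struct

FAMILY_BITS = {1: 32, 2: 128}  # RFC 7871 FAMILY: 1 = IPv4, 2 = IPv6

def parse_ecs(option_data):
    """Parse an ECS option payload (RFC 7871); None if it is malformed."""
    if len(option_data) < 4:
        return None
    family, source_len, _scope_len = struct.unpack("!HBB", option_data[:4])
    bits = FAMILY_BITS.get(family)
    if bits is None or source_len > bits:
        return None
    addr = option_data[4:]
    if len(addr) != (source_len + 7) // 8:  # ADDRESS is truncated to the prefix
        return None
    padded = addr + bytes(bits // 8 - len(addr))
    return ipaddress.ip_address(padded), source_len

def notify_source(remote, ecs_option, trusted_proxy):
    """Return the address to treat as the sender of a NOTIFY.

    ECS is honoured only when the packet arrived from the trusted proxy;
    from any other peer it is attacker-controlled and is ignored.
    """
    remote = ipaddress.ip_address(remote)
    if ecs_option is None or remote != ipaddress.ip_address(trusted_proxy):
        return remote
    parsed = parse_ecs(ecs_option)
    if parsed is None:
        return remote
    address, source_len = parsed
    # Assumption of this example: a shortened prefix does not identify one host,
    # so only an exact /32 or /128 replaces the proxy's own address.
    if source_len != address.max_prefixlen:
        return remote
    return address

# Constructed sample payloads (documentation address ranges).
ECS_EXACT = bytes.fromhex("00012000c0000235")  # IPv4, /32, 192.0.2.53
ECS_SLASH24 = bytes.fromhex("00011800c00002")  # IPv4, /24, 192.0.2.0
PROXY = "198.51.100.1"                         # hypothetical dnsdist address

if __name__ == "__main__":
    print(notify_source(PROXY, ECS_EXACT, PROXY))          # from the proxy
    print(notify_source("203.0.113.9", ECS_EXACT, PROXY))  # from another peer
    print(notify_source(PROXY, ECS_SLASH24, PROXY))        # prefix too short
```

The second call shows why the option is only read from the configured proxy: any other sender could otherwise claim a supermaster's address in ECS.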