Hi all,
I've searched pdns docs as well as threads here but can find nothing
about how to deploy ecs or more specifically, under which circumstance
ecs can be used.
From what I understand of ecs, the recursor will forward the client's
IP with the request to the auth (or intermediate) servers so that the
auth server can respond with a result that is local (if possible) to the
client. I'm going to assume then that a public address is needed from
the client as you can't determine location info from an rfc1918 address.
Consider the following setup:
branch1 (client with private address) -> firewall/NAT+VPN (branch) ->
internet -> firewall/NAT+VPN (head office) -> recursor -> auth query ...
branch2 (client with private address) -> firewall/NAT+VPN (branch) |
etc.
In this scenario, clients at branches have their queries forwarded over
site-to-site VPN tunnels to the recursor at a head office. The client IP
the recursor sees is the client's private IP address.
Is there any possibility of getting a design like this to work with ecs?
If not, any alternatives?
Notes:
The specific pdns-recursor settings I'm looking at are:
edns-subnet-allow-list
ecs-add-for
use-incoming-edns-subnet
Regards, Robby
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
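As an added illustration (not part of the post or of PowerDNS's own code), the following Python builds the EDNS Client Subnet option (RFC 7871) a recursor would attach to an outgoing query, after checking the client source address against an ecs-add-for style allow/deny list; the list values and the most-specific-match rule are assumptions for the example, not the recursor's defaults.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code, RFC 7871

# Constructed allow/deny list in the style of the recursor's ecs-add-for setting
# ("!" marks an excluded range). Values are an assumption for this example.
ECS_ADD_FOR = ["0.0.0.0/0", "::/0", "!10.0.0.0/8", "!172.16.0.0/12",
               "!192.168.0.0/16", "!100.64.0.0/10", "!fc00::/7"]


def ecs_eligible(client_ip, add_for=ECS_ADD_FOR):
    """True if client_ip may be forwarded as ECS. Assumed semantics: the most
    specific matching entry decides, and a leading '!' means exclude."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for entry in add_for:
        net = ipaddress.ip_network(entry.lstrip("!"), strict=False)
        if net.version == ip.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, not entry.startswith("!"))
    return best is not None and best[1]


def build_ecs_option(client_ip, v4_bits=24, v6_bits=56, add_for=ECS_ADD_FOR):
    """Return the wire-format EDNS option (code, length, data) carrying the
    client's truncated prefix, or None when the address must not be sent."""
    if not ecs_eligible(client_ip, add_for):
        return None
    ip = ipaddress.ip_address(client_ip)
    family, total, bits = (1, 32, v4_bits) if ip.version == 4 else (2, 128, v6_bits)
    mask = ((1 << bits) - 1) << (total - bits)  # keep only the top `bits` bits
    # Truncate to the minimum number of octets that hold the prefix.
    masked = type(ip)(int(ip) & mask).packed[:(bits + 7) // 8]
    # FAMILY(2) SOURCE-PREFIX-LEN(1) SCOPE-PREFIX-LEN(1, always 0 in a query) ADDRESS
    data = struct.pack("!HBB", family, bits, 0) + masked
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


if __name__ == "__main__":
    # Constructed sample source addresses: a public v4, an RFC 1918 v4, a doc v6.
    for addr in ("203.0.113.77", "192.168.1.10", "2001:db8::1"):
        opt = build_ecs_option(addr)
        print(addr, "->", opt.hex() if opt else "no ECS sent")
```

With this list, the RFC 1918 branch addresses in the setup above fall inside excluded ranges, so no ECS option is produced for them at all.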