bring clientip to the authoritative server

2025-04-16 Thread Duan Duan via bind-users
Hey Guys,

I have a cache, which can cache the client's domain name request and forward 
the client IP to my BIND authority service in the form of ECS to hit views.

But I know that after BIND 9.13, authoritative ECS functionality is not 
supported.

So I've been unable to upgrade the BIND version.

What else can I do to forward the client IP to my authoritative BIND and hit 
view based on ACL?

PPV2 seems to be a solution direction, it can bring real client IP to 
authoritative BIND server and hit views.

But PPV2 seems to be an experimental function as well?

Is there any other way? Can you give me a suggestion?

Kind regards
Duan
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: DNS hiccups

2025-04-16 Thread Bob McDonald
It's glb in the name.

On further inspection this is DNS that's on the frontend of Azure.
(probably Microsoft based.)

Good luck!

On Wed, Apr 16, 2025 at 10:05 AM Bob McDonald wrote:

> FORMERR doesn't mean the environment being queried is necessarily broken.
> Queries sent to these DNS servers with the +noedns switch get good replies.
>
> The DNS servers being queried are part of a load balancer. (gslb in the
> name and 30 ms as the TTL) There is also no way of determining the DNS
> software vendor or version. (well, there are ways to zero in on them...)
>
> The FORMERR can be resolved on your end by including SERVER statements in
> your named.conf. Better yet, contact the owner of the servers in question
> and let them know you are having issues. They may have something they can
> implement on their end that will resolve the issue. They might even reveal
> their architecture and software vendor/version.
>
> HTH,
>
> Bob
>


Re: DNS hiccups

2025-04-16 Thread Bob McDonald
FORMERR doesn't mean the environment being queried is necessarily broken.
Queries sent to these DNS servers with the +noedns switch get good replies.

The DNS servers being queried are part of a load balancer. (gslb in the
name and 30 ms as the TTL) There is also no way of determining the DNS
software vendor or version. (well, there are ways to zero in on them...)

The FORMERR can be resolved on your end by including SERVER statements in
your named.conf. Better yet, contact the owner of the servers in question
and let them know you are having issues. They may have something they can
implement on their end that will resolve the issue. They might even reveal
their architecture and software vendor/version.

HTH,

Bob
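
An added example, not part of the thread and not ISC code: the check behind the advice above, comparing a server's reply to an EDNS query with its reply to a plain query and proposing a named.conf server statement only when EDNS alone draws FORMERR. The `edns no;` option is an assumption about which server option applies (chosen because +noedns queries succeed); the function names, the 192.0.2.53 address and the sample replies are constructed for illustration.

```python
import struct

FORMERR, NOERROR = 1, 0   # RCODE values from RFC 1035

def build_query(name, edns, qid=0x1234, qtype=1):
    """Build an A query; with edns=True append an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    # OPT: root owner, TYPE 41, CLASS carries UDP size, TTL carries flags, no RDATA
    opt = (b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0)) if edns else b""
    return header + question + opt

def rcode(response):
    """Return the RCODE from the header of a DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F

def suggest_server_stanza(addr, resp_edns, resp_plain):
    """Suggest a named.conf server statement only when EDNS alone triggers FORMERR."""
    if rcode(resp_edns) == FORMERR and rcode(resp_plain) == NOERROR:
        return f"server {addr} {{ edns no; }};"
    return None   # no FORMERR, or the plain query fails too: disabling EDNS will not help

# Constructed sample replies (headers only), standing in for what the remote sent back
SAMPLE_FORMERR = struct.pack("!HHHHHH", 0x1234, 0x8101, 1, 0, 0, 0)
SAMPLE_NOERROR = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    # 192.0.2.53 is a documentation-range placeholder, not an address from the thread
    print(len(build_query("example.com", edns=True)), "byte EDNS query")
    print(suggest_server_stanza("192.0.2.53", SAMPLE_FORMERR, SAMPLE_NOERROR))
```

The two queries from `build_query` correspond to running dig with and without +noedns; sending them and collecting the replies is left to the operator.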