Encapsulating Requester IP in the DNS payload

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Encapsulating Requester IP in the DNS payload

Asher Collings
Hello everyone,

Long time subscriber first time poster. I have a POC I'm working on where I'm trying to add the requesters internal IP into the DNS packet. There are posts everywhere stating that this is possible with edns but there are no howto's. 

I was wondering if anyone has tried to do this using bind 9.10 and if so what road blocks did you run into and were you finally able to do it? Most importantly if you did get this to work how?

Thanks in advance for your time and information

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Encapsulating Requester IP in the DNS payload

Mark Andrews

In message <[hidden email]>, Asher Collings writes:

>
> Hello everyone,
>
> Long time subscriber first time poster. I have a POC I'm working on where
> I'm trying to add the requesters internal IP into the DNS packet. There are
> posts everywhere stating that this is possible with edns but there are no
> howto's.
>
> I was wondering if anyone has tried to do this using bind 9.10 and if so
> what road blocks did you run into and were you finally able to do it? Most
> importantly if you did get this to work how?
>
> Thanks in advance for your time and information

You are looking for ECS (RFC 7871) support.  BIND has partial support.
Note: ECS has privacy issues.

BIND 9.11
named:
        authoritative: geoip-use-ecs
        acl: ecs
dig:
        +subnet

The following is the official position on ECS recursive support in
named:

Wed, 19 Apr 2017

We have implemented ECS for recursive queries in 9.10.5-S, the subscriber
preview edition of BIND, which will be released today. For now, ECS recursion
is available only to users with a support contract with ISC. Development of
this feature was a significant effort, sponsored by an OEM user of BIND. As
part of the agreement with the sponsor, we agreed to embargo the feature from
the open source until 2018.

Victoria Risk
Internet Systems Consortium
[hidden email]

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [hidden email]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Loading...