
I have configured the PowerDNS server with a recursor server. I want to put some domain filtering process in place on the basis of client IP.

Hence I want:

Any time a client makes a request, its DNS query must come with the client's public IP; using that, I can put a filter rule for the client,

as all other services such as OpenDNS and FreeDNS are working.

Thanks in advance.

I have used a Lua script to get the client IP using the function `dq.remoteaddr:toString()`, but using this I am getting only my dnsdist (load balancer) server IP address, not the client IP address. This is because I have configured DoH and DoT in the dnsdist server, hence all the queries are coming through the dnsdist server.

abhi
  • Even if all parts were using the ECS DNS extension you wouldn't get the precise full IP address of the originating client. So you can't make choices based on the final client address if there is `dnsdist` as a middle step. But look at this https://dnsdist.org/advanced/passing-source-address.html for various workarounds. – Patrick Mevzek Oct 28 '22 at 13:48
  • Fine, but how do other services like OpenDNS, FreeDNS and AdGuard get the client's IP and put the filtering rule according to their IP? Or can we get the client IP using DoH or DoT? – abhi Oct 29 '22 at 11:19
  • They are connected to directly by clients. In your setup you put `dnsdist` as a middle man... And yes, with DoH or DoT they will see the client IP, but it is the same problem if you put `dnsdist` as a middle man: your servers will see the `dnsdist` IP as source... but do read the link given. – Patrick Mevzek Oct 29 '22 at 19:46
  • Yes, exactly. Now I have succeeded in getting the IP of the client using the Nginx DoT log, but I have one issue: I want to print that `$remote_addr` using my recursor Lua script. Do you have any idea? – abhi Oct 31 '22 at 10:45
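
A sketch of the per-client filtering the question asks for, as an added example that is not part of the original thread. It is a recursor Lua script and assumes the dnsdist backend is declared with `useProxyProtocol=true` and that the recursor's `proxy-protocol-from` setting lists the dnsdist address, so that `dq.remoteaddr` carries the client address rather than the dnsdist one; the client ranges and the blocked domain are constructed samples.

```lua
-- Added example: PowerDNS Recursor Lua script (loaded via lua-dns-script).
-- Assumption: dnsdist forwards with useProxyProtocol=true and recursor.conf
-- has proxy-protocol-from set to the dnsdist address. Without both,
-- dq.remoteaddr is the dnsdist address and every client looks the same.

-- Constructed sample policy: client ranges that are subject to filtering.
local filteredClients = newNMG()
filteredClients:addMask("192.0.2.0/24")
filteredClients:addMask("2001:db8::/32")

-- Constructed sample blocklist. A DNS suffix set matches the name itself
-- and every name below it (www.blocked.example, a.b.blocked.example, ...).
local blockedDomains = newDS()
blockedDomains:add("blocked.example")

function preresolve(dq)
  local client = dq.remoteaddr

  -- Clients outside the filtered ranges resolve normally.
  if not filteredClients:match(client) then
    return false
  end

  if blockedDomains:check(dq.qname) then
    -- Log which client hit which rule, so the decision can be audited.
    pdnslog("filtered " .. dq.qname:toString() ..
            " for client " .. client:toString(), pdns.loglevels.Info)
    dq.rcode = pdns.NXDOMAIN
    return true   -- answer is final, skip normal resolution
  end

  return false    -- filtered client, but the name is not on the blocklist
end
```

Only the dnsdist address should be listed in `proxy-protocol-from`, since any host allowed to send a PROXY header can claim an arbitrary client address and so pick which filter rules apply to it.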

0 Answers