On 28.02.17 14:35, Job wrote:
for policies purpuose, we need to know which remote site is resolving a Bind 
9.x public DNS Server.
The problem occurs when some carriers "share" the same IP address between more 
customers and they surf behind a shared NAT.

Is there a way? Perhaps with DNS crypt o dnssec?

not with dnssed. You can configure DNS client and DNS server to communicate
using encryption (and thus verifying each other), but in such case, VPN is
much better to achieve whatever you want.

Otherwise, you can not do that. DNS servers don't give* information about
clients they are forwarding for. Neither do DNS clients say that.


Also - since the DNS uses caching, answer provided to a remote client would
be provided to multipld DNS clients accessing the cache.

*To be more precise, there IS an extension to indicate clients subnet but
 it's not usable for this purpose.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe. _______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to