Hi

Using BIND-9.16.21. I'm wondering if it's possible to have the ECS client IP address in the RPZ log. In front of our BIND, which has an RPZ configuration, is a dnsdist, which injects the ECS-IP.

BIND could log the ECS-IP with the builtin "querylog" (rndc querylog on). In the following example, the effective client-IP is 172.16.16.33/32, which is logged fine here:

27-Oct-2021 15:41:27.940 queries: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): query: example.ch IN A +E(0)K (127.0.0.1) [ECS 172.16.16.33/32/0]


But in the RPZ log, I can correctly see only the dnsdist IP and not the one from the effective source (172.16.16.33):

27-Oct-2021 15:41:27.940 rpz: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): rpz QNAME NXDOMAIN rewrite example.ch/A/IN via example.ch.blacklist-rpz.test.local

Is there a way to have/see the ECS-IP in the RPZ log?

Many thanks.
Kind regards,
Tom
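
Added example, not part of the original post and not BIND's own code: the two log lines above share the client object (@0x...), proxy address, source port and query name, so the ECS subnet can be attached to each RPZ hit outside of BIND by joining the two channels on those fields. It assumes both channels are read as one ordered stream in which the query line precedes its rpz line; the function name annotate_rpz is hypothetical.

```python
import re

# Constructed sample: the two log lines quoted in the post above.
SAMPLE_LOG = """\
27-Oct-2021 15:41:27.940 queries: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): query: example.ch IN A +E(0)K (127.0.0.1) [ECS 172.16.16.33/32/0]
27-Oct-2021 15:41:27.940 rpz: info: client @0x7f3db81aa0f8 127.0.0.1#44353 (example.ch): rpz QNAME NXDOMAIN rewrite example.ch/A/IN via example.ch.blacklist-rpz.test.local
"""

# Prefix common to both channels: timestamp, category, client object,
# source ip#port (here the dnsdist address) and the query name.
PREFIX = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<cat>queries|rpz): \w+: "
    r"client (?P<obj>@0x[0-9a-f]+) (?P<src>\S+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): (?P<rest>.*)$"
)
# ECS annotation as it appears in the query log: [ECS address/source-len/scope-len]
ECS = re.compile(r"\[ECS (?P<addr>[^/\]]+)/(?P<srclen>\d+)/(?P<scope>\d+)\]")


def annotate_rpz(lines, max_pending=10000):
    """Yield one dict per rpz line, carrying the ECS subnet of its query line (or None)."""
    pending = {}  # (client object, src, port, qname) -> ECS subnet of the latest query
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue  # other categories or unparsable lines
        key = (m["obj"], m["src"], m["port"], m["qname"])
        if m["cat"] == "queries":
            ecs = ECS.search(m["rest"])
            if len(pending) >= max_pending:
                pending.pop(next(iter(pending)))  # bound memory: drop the oldest entry
            pending[key] = f'{ecs["addr"]}/{ecs["srclen"]}' if ecs else None
        else:
            yield {
                "ts": m["ts"],
                "proxy": m["src"],
                "qname": m["qname"],
                "ecs": pending.pop(key, None),  # None: no matching query line seen
                "action": m["rest"],
            }


if __name__ == "__main__":
    for hit in annotate_rpz(SAMPLE_LOG.splitlines()):
        print(hit)
```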