On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote:

> The CDN services work correctly when a branch uses the ISP-assigned DNS for that specific branch/link. But as mentioned, it's difficult to manage these DNS entries when you have many branches across the world (180 sites with 2 different ISP links at each site). It would be much easier if we had a central recursor that could use ecs to determine geo-located services for each branch.

The central recursor would be able to see the source IP addresses of all the clients, correct?  Would it see the public (post NAT) or internal address (e.g. site-to-site VPN)?

The recursor itself doesn't "use ecs" as such, but it could *pass* the client's IP address via ecs to the authoritative servers.  However, whether the authoritative servers use that information or not is not within your control.  They may ignore it, and look at the source IP address of the request only (i.e. the IP address of your recursor).  In which case, you're stuck.

In any case, getting clients to use a local DNS cache would be much better for resilience and performance than routing all queries via a central recursor.
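
An added example, not part of the thread and not PowerDNS code: the EDNS Client Subnet option (RFC 7871) that a recursor would attach to an outgoing query, decoded the way an authoritative server would read it, plus a check for the NAT/VPN case raised above. The function names, the `INTERNAL` range list and the sample addresses are constructed for illustration; the /24 and /56 truncation lengths follow the RFC 7871 recommendation.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet, RFC 7871
# Assumed list: ranges that tell an outside server nothing about location.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "100.64.0.0/10", "fc00::/7")]

def build_ecs_option(client_ip, v4_bits=24, v6_bits=56):
    """Encode the ECS option a recursor would attach for client_ip."""
    addr = ipaddress.ip_address(client_ip)
    family, bits = (1, v4_bits) if addr.version == 4 else (2, v6_bits)
    # Host bits are zeroed; only the bytes covering the prefix go on the wire.
    net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
    prefix = net.network_address.packed[:(bits + 7) // 8]
    body = struct.pack("!HBB", family, bits, 0) + prefix  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def parse_ecs_option(option):
    """Decode an ECS option; returns (network, scope_prefix_length)."""
    if len(option) < 8:
        raise ValueError("truncated ECS option")
    code, length, family, source_bits, scope_bits = struct.unpack(
        "!HHHBB", option[:8])
    classes = {1: ipaddress.IPv4Network, 2: ipaddress.IPv6Network}
    if (code != ECS_OPTION_CODE or length != len(option) - 4
            or family not in classes):
        raise ValueError("not a well-formed ECS option")
    size = 4 if family == 1 else 16
    raw = option[8:]
    if source_bits > size * 8 or len(raw) != (source_bits + 7) // 8:
        raise ValueError("address length does not match source prefix")
    # The network constructor rejects non-zero bits beyond the prefix.
    return classes[family]((raw.ljust(size, b"\0"), source_bits)), scope_bits

def geo_usable(option):
    """False when the subnet is internal, e.g. seen over a site-to-site VPN."""
    net, _ = parse_ecs_option(option)
    return not any(net.version == i.version and net.overlaps(i)
                   for i in INTERNAL)

if __name__ == "__main__":
    for ip in ("203.0.113.77", "10.20.30.40"):  # constructed sample clients
        opt = build_ecs_option(ip)
        print(ip, opt.hex(), parse_ecs_option(opt)[0], geo_usable(opt))
```
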
