On Tue, Nov 08, 2022 at 09:44:22AM +0000, Brian Candler via Pdns-users wrote:
> On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote:
>
> > The CDN services work correctly when a branch uses the ISP-assigned DNS
> > for that specific branch/link. But as mentioned, it's difficult to
> > manage these DNS entries when you have many branches across the world
> > (180 sites with 2 different ISP links at each site). It would be much
> > easier if we had a central recursor that could use ecs to determine
> > geo-located services for each branch.
>
> The central recursor would be able to see the source IP addresses of all the
> clients, correct? Would it see the public (post NAT) or internal address
> (e.g. site-to-site VPN)?
>
> The recursor itself doesn't "use ecs" as such, but it could *pass* the
> client's IP address via ecs to the authoritative servers. However, whether
> the authoritative servers use that information or not is not within your
> control. They may ignore it, and look at the source IP address of the
> request only (i.e. the IP address of your recursor). In which case, you're
> stuck.
>
> In any case, getting clients to use a local DNS cache would be much better
> for resilience and performance than routing all queries via a central
> recursor.

Agreed, running a local recursor per office is certainly something to
consider. If you run those yourself you are not/less dependent on ISP setups.

	-Otto
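
The point made in the thread, that a recursor can only pass the client subnet and the authoritative server decides whether to use it, can be seen in the ECS option itself (RFC 7871). The following is an added example, not code from the thread or from PowerDNS: it encodes the option a recursor would send and classifies a reply by its scope prefix length. The function names and the sample address (documentation range) are assumptions made for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

def build_ecs_option(client_ip, source_prefix):
    """Encode the ECS option a recursor could attach to an outgoing query."""
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    family = 1 if net.version == 4 else 2            # 1 = IPv4, 2 = IPv6
    # Only the bytes covered by the prefix are sent; host bits are zeroed.
    addr = net.network_address.packed[:(source_prefix + 7) // 8]
    body = struct.pack("!HBB", family, source_prefix, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def parse_ecs_option(data):
    """Decode one ECS option (option header included) into a dict."""
    if len(data) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source, scope = struct.unpack("!HHHBB", data[:8])
    size = {1: 4, 2: 16}.get(family)
    addr = data[8:]
    if code != ECS_OPTION_CODE or length != len(data) - 4 or size is None:
        raise ValueError("not a well-formed ECS option")
    if source > size * 8 or len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    ip = ipaddress.ip_address(addr.ljust(size, b"\x00"))
    return {"subnet": f"{ip}/{source}", "source": source, "scope": scope}

def classify_reply(ecs_option):
    """Tell whether an authoritative reply was tailored to the client subnet."""
    if ecs_option is None:
        return "ignored"        # no ECS echoed back: server used only the recursor's IP
    scope = parse_ecs_option(ecs_option)["scope"]
    return "tailored" if scope > 0 else "not-tailored"  # scope 0 = same answer for all

if __name__ == "__main__":
    query_opt = build_ecs_option("203.0.113.77", 24)   # constructed branch address
    print(query_opt.hex(), parse_ecs_option(query_opt))
    # Constructed replies: one with scope /24, one with scope 0, one without ECS.
    tailored = query_opt[:7] + b"\x18" + query_opt[8:]
    for reply in (tailored, query_opt, None):
        print(classify_reply(reply))
```

A reply classified as "ignored" or "not-tailored" is the "you're stuck" case described above: the answer was chosen without regard to the branch's subnet.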