Hi Brian

Understood re. "use ecs" vs "pass" = semantic error on my side.

And yes, a local per branch recursor would be better but we have to take installation/operational management overhead into account for doing this at a lot of sites; as well, we're trying to move away from local infrastructure.

I have a loaded config for table-based proxy mapping now via a lua-config-file entry - busy testing ...

On an unrelated note (although it would certainly help with above troubleshooting), I'm running the pdns-recursor docker image via:

powerdns/pdns-recursor-48:latest

And there doesn't seem to be any logging inside the container - am I missing something?

Regards, Robby

On Tue, 8 Nov 2022 at 11:44, Brian Candler <b.cand...@pobox.com> wrote:

> On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote:
>
> > The CDN services work correctly when a branch uses the ISP-assigned
> > DNS for that specific branch/link. But as mentioned, it's difficult to
> > manage these DNS entries when you have many branches across the world
> > (180 sites with 2 different ISP links at each site). It would be much
> > easier if we had a central recursor that could use ecs to determine
> > geo-located services for each branch.
>
> The central recursor would be able to see the source IP addresses of all
> the clients, correct? Would it see the public (post NAT) or internal
> address (e.g. site-to-site VPN)?
>
> The recursor itself doesn't "use ecs" as such, but it could *pass* the
> client's IP address via ecs to the authoritative servers. However,
> whether the authoritative servers use that information or not is not
> within your control. They may ignore it, and look at the source IP
> address of the request only (i.e. the IP address of your recursor). In
> which case, you're stuck.
>
> In any case, getting clients to use a local DNS cache would be much
> better for resilience and performance than routing all queries via a
> central recursor.

--
Robby Pedrica
XStore
c: +27 82 416 8696
f: +27 86 538 5810
m: rpedr...@xstore.co.za
w: http://wwww.xstore.co.za/
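
As an added illustration that is not part of the original thread: the sketch below builds and parses the EDNS Client Subnet option (RFC 7871 wire layout) that a recursor would pass to an authoritative server, and flags the internal-address case raised in the quoted reply. The function names and sample addresses are constructed for this example.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)
# Internal ranges a central recursor might see over a site-to-site VPN.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def carries_location(client_ip: str) -> bool:
    """False when the visible client address is internal: ECS built from it
    gives an authoritative server nothing to geo-locate on."""
    addr = ipaddress.ip_address(client_ip)
    return not any(addr.version == n.version and addr in n for n in INTERNAL)

def encode_ecs(client_ip: str, source_prefix: int) -> bytes:
    """Build the ECS option attached to the outgoing query."""
    addr = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix <= addr.max_prefixlen:
        raise ValueError("prefix length out of range")
    family = 1 if addr.version == 4 else 2
    # Zero the host bits, then send only the bytes the prefix covers.
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    prefix_bytes = net.network_address.packed[:(source_prefix + 7) // 8]
    payload = struct.pack("!HBB", family, source_prefix, 0) + prefix_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload

def decode_ecs(option: bytes) -> dict:
    """Parse an ECS option as the receiving side would, rejecting bad input."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length = struct.unpack("!HH", option[:4])
    family, source_prefix, scope_prefix = struct.unpack("!HBB", option[4:8])
    size = {1: 4, 2: 16}.get(family)
    raw = option[8:]
    if code != ECS_OPTION_CODE or length != len(option) - 4 or size is None:
        raise ValueError("not a well-formed ECS option")
    if source_prefix > size * 8 or len(raw) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix length")
    addr = ipaddress.ip_address(raw.ljust(size, b"\0"))
    # strict parsing raises ValueError if bits beyond the prefix are set
    net = ipaddress.ip_network(f"{addr}/{source_prefix}")
    return {"subnet": str(net), "scope": scope_prefix}

if __name__ == "__main__":
    for ip in ("198.51.100.77", "10.20.30.40"):  # constructed sample clients
        opt = encode_ecs(ip, 24)
        print(ip, opt.hex(), decode_ecs(opt), carries_location(ip))
```

Even a well-formed option with a public prefix only helps if the authoritative server chooses to honour it, as the quoted reply points out.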