
List:       bind-users
Subject:    Re: Recognizing remote IP in shared connections
From:       Matus UHLAR - fantomas <uhlar () fantomas ! sk>
Date:       2017-02-28 14:26:25
Message-ID: 20170228142625.GA23221 () fantomas ! sk

On 28.02.17 14:35, Job wrote:
> For policy purposes, we need to know which remote site is resolving a Bind 9.x
> public DNS Server. The problem occurs when some carriers "share" the same IP
> address between more customers and they surf behind a shared NAT.
> Is there a way? Perhaps with DNS crypt or dnssec?

Not with DNSSEC. You can configure DNS client and DNS server to communicate
using encryption (and thus verifying each other), but in such case, VPN is
much better to achieve whatever you want.

Otherwise, you cannot do that. DNS servers don't give* information about
clients they are forwarding for. Neither do DNS clients say that.


Also - since the DNS uses caching, an answer provided to a remote client would
be provided to multiple DNS clients accessing the cache.

*To be more precise, there IS an extension to indicate the client's subnet but
  it's not usable for this purpose.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
I feel like I'm diagonally parked in a parallel universe. 