I'm setting ECS in dnsdist in hopes of using it in an ACL to choose a
view. The views are working well, and the ECS is read by bind9 (see log
below), but I can't seem to find a syntax for adding an ecs entry into
an acl. Here is what I've tried:
acl "filtered" {
    192.168.0.90;
    192.168.0.91;
    192.168.0.92;
    192.168.0.93;
    ecs 192.168.99.0/24;
};
view filtered-view {
    match-clients { filtered; };
    {...}
When I try to start bind with this config, I get the following error:
/etc/bind/named.conf.local:6: missing ';' before '192.168.99.0'
Everything works as it should if I remove the ecs entry from the acl.
I can see the ECS is being set by dnsdist when I enable query logging:
client @0x7f21840117e8 192.168.0.1#43466 (elastic.mcguire.local): view
filtered-view: query: elastic.mcguire.local IN A +E(0) (192.168.0.5)
[ECS 192.168.99.0/24/0]
From the docs:
"An ACL containing an element of the form ecs prefix will match if a
request arrives in containing an ECS option encoding an address within
that prefix. If the request has no ECS option, then "ecs" elements are
simply ignored. Addresses in ACLs that are not prefixed with "ecs" are
matched only against the source address."
I am running bind9 version 9.16.15.
Regards,
Ryan McGuire
Libre Tech Consulting <https://libretechconsulting.com>
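
The matching rule in the documentation passage quoted above can be written out as a small model. This is an added example, not part of the original post and not BIND's code; the function name and the tuple layout for ACL elements are assumptions, and it says nothing about which named.conf syntax a given BIND version accepts.

```python
import ipaddress

# ACL from the post, as (kind, value) pairs. "addr" elements are compared
# with the packet's source address, "ecs" elements with the address carried
# in the query's ECS option. The tuple layout is an assumption of this model.
FILTERED_ACL = [
    ("addr", "192.168.0.90"),
    ("addr", "192.168.0.91"),
    ("addr", "192.168.0.92"),
    ("addr", "192.168.0.93"),
    ("ecs", "192.168.99.0/24"),
]


def acl_matches(acl, source, ecs=None):
    """Return the first ACL element that matches, or None.

    source: source address of the query (string)
    ecs:    ECS option as "address/prefix-length", or None if absent
    """
    src = ipaddress.ip_address(source)
    ecs_addr = None
    if ecs is not None:
        # Only the encoded address is compared against the ACL prefix.
        ecs_addr = ipaddress.ip_network(ecs, strict=False).network_address

    for kind, value in acl:
        net = ipaddress.ip_network(value, strict=False)
        if kind == "ecs":
            # No ECS option in the request: "ecs" elements are ignored.
            if ecs_addr is not None and ecs_addr in net:
                return (kind, value)
        elif src in net:
            # Elements without "ecs" see the source address only.
            return (kind, value)
    return None


if __name__ == "__main__":
    # Constructed cases built from the addresses in the post.
    cases = [
        ("192.168.0.1", "192.168.99.0/24"),  # dnsdist query carrying ECS
        ("192.168.0.90", None),              # listed source, no ECS
        ("192.168.0.1", None),               # unlisted source, no ECS
        ("192.168.99.7", None),              # source inside the ecs prefix, no ECS
    ]
    for source, ecs in cases:
        print(source, ecs, "->", acl_matches(FILTERED_ACL, source, ecs))
```

The last case shows that a source address inside 192.168.99.0/24 does not satisfy the ecs element by itself; only the ECS option does.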
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users