On 28. 02. 24 13:50, Balazs Hinel (Nokia) via bind-users wrote:
> I am working on a product in Nokia, and we currently use BIND provided by Rocky
> Linux 8 with security patches. Recently the requirement came that we should
> upgrade to at least 9.16. During the testing of this version we realized that a
> feature we used, DSCP, has stopped working. Reading about the topic, we found
> the article about it being non-operational in 9.16, and its removal in 9.18.
>
> We also saw the email on this mailing list, stating that "so far, nobody has
> noticed" it is missing. Well, we noticed it just now, and I would like to state
> that our product and most probably other telecom equipment using BIND would
> miss it greatly. As I read in that mail, there was an alternative plan which
> would re-implement this functionality. If it is feasible, please consider doing
> it. The alternative options, e.g. setting it via iptables, cannot work in our
> use-case.

Could you please explain why it's not possible?

Maybe I'm naive, but something like

    iptables -t mangle -A ... -p udp --dport 53 -j DSCP --set-dscp-class ...

seems like a sensible approach to me, and actually in the right place of
the networking stack.

We are hesitant to (re)introduce complexity and layering violations
without a rock-solid use-case without existing alternatives.

--
Petr Špaček
Internet Systems Consortium