From e9cac63933ae9ddbb13a64406cff77640ab901dc Mon Sep 17 00:00:00 2001 From: Lucas Christian Date: Mon, 5 Oct 2020 14:35:17 -0500 Subject: pdns_recursor: T2964: Expose query-local-address to dns config. In certain split DNS configurations, there is a need for more fine-grained control over the local address DNS forwarding uses to issue queries. The current pdns_recursor configuration allows the recursor to send queries from any available address on the interface the OS selects for the query, with no option to limit queries to a particular address or set of addresses. This commit exposes the `query-local-address` option in `recursor.conf` to users via the `service` `dns` `forwarding` `source-address` config node. If the parameter is unspecified, the default value of 0.0.0.0 (any IPv4 address) and :: (any IPv6 address) are used to match current behavior. Users who want more control can specify one or more IPv4 and IPv6 addresses to issue queries from. Per pdns_recursor docs, the recursor will load balance queries between any available addresses in the pools. Since IPv4 and IPv6 are different pools, note that specifying only one type of address will disable issuing queries for the other address family. --- interface-definitions/dns-forwarding.xml.in | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'interface-definitions/dns-forwarding.xml.in') diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index 07e63d54a..62fb8b946 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -177,6 +177,27 @@ + + + Local addresses from which to send DNS queries. + If unspecified, the querier will use any available address on + the outbound interface. + + ipv4 + IPv4 address from which to send traffic + + + ipv6 + IPv6 address from which to send traffic + + + + + + + + 0.0.0.0 :: + Use system name servers -- cgit v1.2.3
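Review bot: The help text of the added source-address node ("If unspecified, the querier will use any available address on the outbound interface.") leaves out the caveat stated in the commit message: IPv4 and IPv6 are separate pools, so configuring addresses of only one family disables outbound queries for the other. Suggest adding a sentence to the help text, for example "Specifying only IPv4 or only IPv6 addresses disables queries for the other address family." Separately, the default is written as the single string "0.0.0.0 ::" while the commit message says users can specify one or more addresses; it is worth confirming that the consumer of this node treats the default as two values (one per family) rather than one literal when it is rendered into query-local-address.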