Page MenuHomeVyOS Platform
Create Task
Maniphest T5687

Implement ECS settings for PowerDNS recursor
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

I run Pihole in a container on Vyos and have configured the built-in DNS forwarder to use it as an upstream. There is however no configuration option of the DNS forwarder to allow forwarding of ECS information to the upstream, which means that Pihole cannot distinguish between the clients and sees all requests as coming from the router. Adding the following options to /run/powerdns/recursor.conf solves this:

ecs-add-for=0.0.0.0/0
ecs-ipv4-bits=32
edns-subnet-allow-list=192.168.0.0/16

Therefore my kind suggestion would be to implement these configuration options into the DNS forwarder.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Event Timeline

a-bali created this task.Oct 26 2023, 5:50 AM
Viacheslav added a subscriber: Viacheslav.Oct 26 2023, 7:09 AM

Do you have any idea for CLI?

pasik added a subscriber: pasik.Oct 26 2023, 9:20 AM
a-bali added a comment.Oct 26 2023, 1:44 PM

I would just expose these 3 options as-is.

Apachez added a subscriber: Apachez.Oct 26 2023, 5:18 PM

For the record.

The ecs should for privacy reasons be set to disabled by default but it could be handy if wanted to be able to enable these through the VyOS config-mode.

There are more parameters which might come handy in future so a suggestion would be to put them under an options subdirectory in the CLI, something like this:

set service dns forwarding options ecs-add-for 0.0.0.0/0
set service dns forwarding options ecs-ipv4-bits 32
set service dns forwarding options edns-subnet-allow-list 192.168.0.0/16

Ref:

https://doc.powerdns.com/recursor/settings.html

https://docs.vyos.io/en/latest/configuration/service/dns.html

Viacheslav triaged this task as Normal priority.Jan 20 2024, 1:37 PM
HollyGurza added a subscriber: HollyGurza.Jan 31 2024, 5:52 AM
Viacheslav closed this task as Resolved.Feb 6 2024, 2:55 PM
Viacheslav assigned this task to HollyGurza.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project: VyOS 1.5 Circinus.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.