Speakers
Description
Over the years, DNS proxies (such as dnsdist) have cooperated with
their backends to pass the real IP of the client to those backends.
edns-client-subnet has been abused for this, there was an attempt in
the IETF to standardise a new EDNS option (XPF), but DNSOP did not like
it.
Based on that, and other operational insights, PowerDNS (in dnsdist,
the Authoritative, and the Recursor) has decided to adopt the PROXYv2
protocol from the HAproxy developers (
https://www.haproxy.org/download/2.4/doc/proxy-protocol.txt), and we
know ISC has support for it on the roadmap as well.
As it would be good to have interoperability between all vendors in
this area, this talk will give a quick overview of the existing solutions, their drawbacks, and an introduction to the PROXY protocol.
