All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Raymond Burkholder" <ray@oneunified.net>
To: 'Glen Huang' <heyhgl@gmail.com>, 'Jeff Kletsky' <netfilter@allycomm.com>
Cc: netfilter@vger.kernel.org
Subject: RE: How to trace IPSec packets?
Date: Thu, 1 Feb 2018 08:21:40 -0400	[thread overview]
Message-ID: <907801d39b57$379889c0$a6c99d40$@oneunified.net> (raw)
In-Reply-To: <CA5C9BDA-A6ED-48CE-8BEC-67A50DEEEB81@gmail.com>

> I initially gave bind a look, but since I just need edns-client-subnet support, I
> find dnsmasq to be a more lightweight solution. I think using unbound will
> lead to the same difficult as I did with dnsmasq: I ultimately need to map
> client’s in-tunnel ip to client’s public ip when they do dns requests inside
> ipsec, and I need to stick the public ip in ECS. So doing iptables in inevitable
> IMHO.

https://dnsdist.org/index.html is a rules based load balancer with various dns functionality.  Maybe load balancers might be a different question to ask?


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


      reply	other threads:[~2018-02-01 12:21 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-29  9:10 How to trace IPSec packets? Glen Huang
2018-01-29 10:07 ` Glen Huang
2018-01-29 12:25   ` Humberto Jucá
2018-01-29 13:12     ` Glen Huang
     [not found]       ` <CAP9CGviN_ZsMVq2M_bFvd8gkHFgF_uw-Qqb1fkokeVDALMhc7w@mail.gmail.com>
2018-01-29 15:09         ` Glen Huang
     [not found]           ` <CAP9CGvjOSrYCYNGTD2fScBac-vLG51BwcyfE5u=eKxsai625WQ@mail.gmail.com>
     [not found]             ` <CAP9CGvhH78bAfeG_RZn_kLfFzik23ETrccrGSpQxu=H2wLcpug@mail.gmail.com>
2018-01-30  4:16               ` Glen Huang
2018-01-30 18:41                 ` Jeff Kletsky
2018-01-31  4:55                   ` Glen Huang
2018-02-01 12:21                     ` Raymond Burkholder [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='907801d39b57$379889c0$a6c99d40$@oneunified.net' \
    --to=ray@oneunified.net \
    --cc=heyhgl@gmail.com \
    --cc=netfilter@allycomm.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.