
[Feature request] Add Proxy Protocol support

Open ArnGa opened this issue 5 years ago • 1 comments

Hello,

When Unbound is behind a DNS proxy, the client's IP address cannot be used by Unbound (RPZ log or ACL, for example). To correct this problem, it could be interesting to develop support for the "Proxy Protocol" in Unbound in order to really take into account the positioning of Unbound as a backend.

The "Proxy Protocol" was developed by HAProxy (https://www.haproxy.org/download/2.2/doc/proxy-protocol.txt), but it is agnostic and is not specific to HTTP. The DNS proxy DNSDist implements this protocol in its latest version (https://dnsdist.org/advanced/proxyprotocol.html), and it would be a big plus if it were possible to make Unbound compatible.

Regards

ArnGa, Sep 16 '20 08:09

This could potentially also be useful for unbound DoH behind a reverse proxy.

alexrsagen, Apr 26 '22 16:04

This is closed by #760; PROXYv2 is part of Unbound 1.17.0.

gthess, Dec 07 '22 09:12

For DoH that could be another feature where HTTP headers are used instead of PROXYv2 to pass along client information.

gthess, Dec 07 '22 09:12
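How a backend can recover the client address from the PROXYv2 header discussed in this thread, as an added example that is not part of the thread and is not Unbound's code. The function name `effective_client`, the `TRUSTED_PROXIES` list and all addresses are constructed for illustration; the header is honoured only from a trusted proxy, since ACLs and logs would otherwise rely on a value any sender could set.

```python
import ipaddress
import struct

SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte PROXY v2 signature
# Assumption for this example: the only peer allowed to send PROXY headers.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]
ADDR_LEN = {1: 4, 2: 16}                # AF_INET, AF_INET6 address sizes


def effective_client(peer_ip, data):
    """Return (client_ip, client_port_or_None, payload) for one message.

    peer_ip is the address the socket actually saw; data is what it sent.
    """
    peer = ipaddress.ip_address(peer_ip)
    has_header = data.startswith(SIGNATURE)
    if not any(peer in net for net in TRUSTED_PROXIES):
        if has_header:                  # spoofing attempt or misconfiguration
            raise ValueError("PROXY header from untrusted peer")
        return peer, None, data
    if not has_header or len(data) < 16:
        raise ValueError("trusted proxy sent no PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1:
        raise ValueError("unsupported version or command")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    body, payload = data[16:16 + length], data[16 + length:]
    if ver_cmd & 0x0F == 0:             # LOCAL: the proxy's own traffic
        return peer, None, payload
    alen = ADDR_LEN.get(fam_proto >> 4)
    if alen is None or length < 2 * alen + 4:
        raise ValueError("unsupported family or short address block")
    src = ipaddress.ip_address(body[:alen])      # src_addr comes first
    sport = struct.unpack("!H", body[2 * alen:2 * alen + 2])[0]
    return src, sport, payload          # bytes after the ports are TLVs, skipped


# Constructed sample: PROXY command, AF_INET + DGRAM, 12-byte address block.
SAMPLE = (
    SIGNATURE + struct.pack("!BBH", 0x21, 0x12, 12)
    + ipaddress.ip_address("198.51.100.7").packed    # original client
    + ipaddress.ip_address("192.0.2.53").packed      # original destination
    + struct.pack("!HH", 53124, 53)
    + b"dns-query-bytes"
)
```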