Solution 1:

There is RFC 7871, which, due to operational and privacy shortcomings, does not yet have standards status. It uses an EDNS option which works very similarly to X-Forwarded-For, with the possibility to include only as many bits of the address as you deem appropriate for your use case.

Matching this field using a firewall is going to be challenging because it is at the end of the request, which means the offset varies, and the packet could be fragmented such that the field cannot be identified without first reassembling the packet. Judging from the man page on my machine, there seem to be no DNS-specific filters in iptables.

Adding the field from a mangling rule in the firewall is going to be even more challenging. Thus, you should most likely be looking for an application-layer solution rather than a firewall, or avoid sending the packets through NAT.
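To make the option format the answer refers to concrete, here is an added Python example (not part of the original answer) that encodes and decodes the RFC 7871 Client Subnet option: on the way out it keeps only the chosen number of prefix bits, and on the way in it rejects options whose padding bits past the prefix are not zero. The function names are my own; the wire layout follows RFC 7871 section 6.

```python
import ipaddress
import struct

# RFC 7871 section 6: EDNS option code for Client Subnet, and the
# IANA address family numbers the option uses.
ECS_OPTION_CODE = 8
ECS_FAMILY_IPV4 = 1
ECS_FAMILY_IPV6 = 2


def build_ecs_option(address: str, source_prefix_len: int) -> bytes:
    """Encode a Client Subnet option (code 8) carrying only the leading
    source_prefix_len bits of address, as a resolver would add it to an
    outgoing query. Returns OPTION-CODE, OPTION-LENGTH and the payload."""
    ip = ipaddress.ip_address(address)
    if not 0 <= source_prefix_len <= ip.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    family = ECS_FAMILY_IPV4 if ip.version == 4 else ECS_FAMILY_IPV6
    # Bits beyond the prefix MUST be zero; send only the octets that hold it.
    network = ipaddress.ip_network((address, source_prefix_len), strict=False)
    addr_bytes = network.network_address.packed[: (source_prefix_len + 7) // 8]
    # SCOPE PREFIX-LENGTH is 0 in queries; the authority fills it in replies.
    payload = struct.pack("!HBB", family, source_prefix_len, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def parse_ecs_option(option: bytes):
    """Decode one EDNS option. Returns (network, scope_prefix_len) for a
    well-formed Client Subnet option and None for anything else."""
    if len(option) < 8:
        return None
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        return None
    family, source_len, scope_len = struct.unpack("!HBB", option[4:8])
    addr_bytes = option[8:]
    total = {ECS_FAMILY_IPV4: 4, ECS_FAMILY_IPV6: 16}.get(family)
    if total is None or source_len > total * 8:
        return None
    # The ADDRESS field holds exactly ceil(source_len / 8) octets ...
    if len(addr_bytes) != (source_len + 7) // 8:
        return None
    # ... and any padding bits past the prefix must be zero, so a strict
    # network parse rejects an option that leaks extra address bits.
    full = addr_bytes + bytes(total - len(addr_bytes))
    try:
        return ipaddress.ip_network((full, source_len), strict=True), scope_len
    except ValueError:
        return None
```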