Maintained by: NLnet Labs

[Unbound-users] How to config whitelist for EDNS client subnet in unbound

Yuri Schaeffer
Thu Dec 18 09:32:09 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Kun YU,

> Initial test shows that unbound indeed can process ECS queries but
> I cannot figure out how to config a white list of servers that
> support ECS in the config file.

The unbound.conf man page should have what you are looking for. ECS
relevant bits:

"""

send-client-subnet: <IP address>
Send client source address to this authority. Append /num to indicate a
classless delegation netblock, for example like 10.2.3.4/24 or
2001::11/64. Can be given multiple times. Authorities not listed will
not receive edns-subnet information.

client-subnet-opcode: <number>
Specify positive integer smaller than 65536. Defaults to 8.

max-client-subnet-ipv6: <number>
Specifies the maximum prefix length of the client source address we are
willing to expose to third parties for IPv6. Defaults to 64.

max-client-subnet-ipv4: <number>
Specifies the maximum prefix length of the client source address we are
willing to expose to third parties for IPv4. Defaults to 24.

"""

Regards,
Yuri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlSSkQkACgkQI3PTR4mhavgfAACcDNzIkYT05VDqALlZ+3U6mjWD
C74AoJqHDIs1B9yY+PyaZxstda1W0cFF
=c5qG
-----END PGP SIGNATURE-----
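
Added example (not part of the original message and not Unbound's code): a small Python model of the whitelist and prefix-cap semantics in the man page excerpt above, showing which authorities receive client subnet data and how much of the client address is disclosed. The config text, the documentation-range addresses, the names SAMPLE_CONF, parse_conf and ecs_for, the placement under a server: clause, and truncation to exactly the configured maximum are assumptions.

```python
import ipaddress

# Constructed config text using only options quoted in the excerpt above;
# addresses are documentation ranges, and the server: clause is an assumption.
SAMPLE_CONF = """
server:
    send-client-subnet: 192.0.2.53
    send-client-subnet: 198.51.100.7/24
    send-client-subnet: 2001:db8::11/64
    max-client-subnet-ipv4: 24
    max-client-subnet-ipv6: 56
"""

def parse_conf(text):
    """Return (whitelisted netblocks, {ip_version: max prefix length})."""
    allow, caps = [], {4: 24, 6: 64}  # defaults as stated in the excerpt
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        value = value.strip()
        if not sep or not value:
            continue  # blank line or a clause header such as "server:"
        if key == "send-client-subnet":
            # strict=False because entries like 10.2.3.4/24 carry host bits
            allow.append(ipaddress.ip_network(value, strict=False))
        elif key == "max-client-subnet-ipv4":
            caps[4] = int(value)
        elif key == "max-client-subnet-ipv6":
            caps[6] = int(value)
    return allow, caps

def ecs_for(client, authority, allow, caps):
    """Subnet disclosed to `authority` for `client`, or None if not listed."""
    auth = ipaddress.ip_address(authority)
    if not any(auth.version == net.version and auth in net for net in allow):
        return None  # authorities not listed receive no edns-subnet data
    addr = ipaddress.ip_address(client)
    # Model assumption: the address is cut to exactly the configured maximum.
    return ipaddress.ip_network(f"{addr}/{caps[addr.version]}", strict=False)

if __name__ == "__main__":
    allow, caps = parse_conf(SAMPLE_CONF)
    for client, auth in [("203.0.113.77", "198.51.100.200"),
                         ("203.0.113.77", "192.0.2.54"),
                         ("2001:db8:aaaa:bbcc::1", "2001:db8::1")]:
        print(client, "->", auth, ":", ecs_for(client, auth, allow, caps))
```

Lowering max-client-subnet-ipv4 or max-client-subnet-ipv6 in the sample shortens the disclosed prefix, which is the privacy control the excerpt describes.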