[Unbound-users] How to config whitelist for EDNS client subnetin unbound

Over Dexia over at dexia.de
Tue Jan 6 15:50:24 UTC 2015


Am 06.01.2015 um 16:16 schrieb Miek Gieben:
>>> This is why I believe compiling a list of DNS servers who support client
>> subnet is not enough. There should be another option to config a list of
>> domains which supports client subnet. Any records in these domains should
>> be cached in secondary cache instead of the primary one.
> 
> While I can see where you are coming from, but hardcoding this in a config
> file is not an option.

I can see where you are coming from, but instead of viewing it as
"hardcoding ECS capabilities of domains" it could be regarded as
"marking domains for 'query ecs module first' (expensive)" ... that
would be more like a feature.
Still doesn't feel very good, admittedly a workaround for a draft not
covering difficult real-life scenarios, but would mitigate most
objections raised, wouldn't it?

regards, jo.




More information about the Unbound-users mailing list