[Unbound-users] How to config whitelist for EDNS client subnetin unbound

lin totopper at qq.com
Thu Dec 18 09:05:09 UTC 2014


very thanks.
Do the unbound cache the result that contain edns-client-subnet information?




------------------ Original ------------------
From:  "Yuri Schaeffer";<yuri at nlnetlabs.nl>;
Date:  Thu, Dec 18, 2014 04:32 PM
To:  "unbound-users"<unbound-users at unbound.net>; 

Subject:  Re: [Unbound-users] How to config whitelist for EDNS client subnetin unbound



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Kun YU,

> Initial test shows that unbound indeed can process ECS queries but
> I cannot figure out how to config a white list of servers that
> support ECS in the config file.

The unbound.conf man page should have what you are looking for. ECS
relevant bits:

"""

send-client-subnet: <IP address>
Send client source address to this authority. Append /num to indicate a
classless delegation  netblock, for  example  like 10.2.3.4/24 or
2001::11/64. Can be given multiple times. Authorities not listed will
not receive edns-subnet information.

client-subnet-opcode: <number>
Specify positive integer smaller than 65536. Defaults to 8.

max-client-subnet-ipv6: <number>
Specifies the maximum prefix length of the client source address we are
willing to expose to third par? ties for IPv6. Defaults to 64.

max-client-subnet-ipv4: <number>
Specifies the maximum prefix length of the client source address we are
willing to expose to third par? ties for IPv4. Defaults to 24.

"""

Regards,
Yuri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlSSkQkACgkQI3PTR4mhavgfAACcDNzIkYT05VDqALlZ+3U6mjWD
C74AoJqHDIs1B9yY+PyaZxstda1W0cFF
=c5qG
-----END PGP SIGNATURE-----
_______________________________________________
Unbound-users mailing list
Unbound-users at unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20141218/a4f59087/attachment.htm>


More information about the Unbound-users mailing list