Am 06.01.2015 um 18:06 schrieb Larry Havemann: > How about adding a flag to the rrset cache for each authority. If the > flag shows ecs support pass it to that module if not send it to regular > cache. Ask every authority not in the rrset cache if it supports ecs > before sending it the query. That would induce the penalty of consulting the ecs module first for all domains supporting it, even if it isn't required by the query, which was to be avoided... Also there's Yuris objection against using ecs always: Am 06.01.2015 um 14:46 schrieb Yuri Schaeffer: > I'm afraid this would not work sufficiently. Unbound does not know > which source addresses get handled incorrectly by the authority. Thus, > if no match is found in the subnet-cache has no choice than to ask the > authority. Effectively Unbound won't be able to cache at all for the > CDN queries. But I believe that would be mitigated by storing the no-ecs response with a source 0.0.0.0/0 (like Kun YU proposed) in the subnet cache. If all queries for that domain use this cache, the reply should be like intended. regards, jo.