<div dir="ltr"><span style="color:rgb(0,0,0);font-size:13px">recall this option:"send-client-subnet: <IP address>"</span><br style="color:rgb(0,0,0);font-size:13px"><div><span style="color:rgb(0,0,0);font-size:13px">although send-client-subnet command support IP prefix, it's not easy to aggregate DNS servers that support ECS.</span></div><div><span style="color:rgb(0,0,0);font-size:13px">It's safe to assume the number of DNS servers and the number of domains that support ECS are comparable. Thus compiling a list of domains with ECS support in the config file is totally possible, especially when ECS is not wildly used nowadays. </span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 6, 2015 at 11:16 PM, Miek Gieben <span dir="ltr"><<a href="mailto:miek@miek.nl" target="_blank">miek@miek.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">[ Quoting <<a href="mailto:yukun2005@gmail.com" target="_blank">yukun2005@gmail.com</a>> in "Re: [Unbound-users] How to config w..." ]<span class=""><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
this is effectively the text in the draft:<br>
<br>
If the address of the client does not match any network in the cache,<br>
then the Recursive Resolver MUST behave as if no match was found and<br>
perform resolution as usual. This is necessary to avoid suboptimal<br>
replies in the cache from being returned to the wrong clients, and to<br>
avoid a single request coming from a client on a different network<br>
from polluting the cache with a suboptimal reply for all the users of<br>
that resolver.<br>
<br>
This is why I believe compiling a list of DNS servers who support client<br>
</blockquote>
subnet is not enough. There should be another option to config a list of<br>
domains which supports client subnet. Any records in these domains should<br>
be cached in secondary cache instead of the primary one.<br>
</blockquote>
<br></span>
While I can see where you are coming from, but hardcoding this in a config<br>
file is not an option.<br>
<br>
<br>
/Miek<br>
<br>
--<br>
Miek Gieben<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Kun YU<div>Ph.D. Candidate, Department of Electronic Engineering, Tsinghua University, Beijing, 100084, China.</div><div><span style="color:rgb(0,0,0);font-family:arial;font-size:14px;line-height:23.799999237060547px">Mobile Phone:+86 13466535220</span><br><font color="#888888"><br></font></div></div></div>
</div>