[Unbound-users] How to config whitelist for EDNS client subnet in unbound
Yuri Schaeffer
yuri at nlnetlabs.nl
Thu Dec 18 08:32:09 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Kun YU,
> Initial test shows that unbound indeed can process ECS queries but
> I cannot figure out how to config a white list of servers that
> support ECS in the config file.
The unbound.conf man page should have what you are looking for. ECS
relevant bits:
"""
send-client-subnet: <IP address>
    Send client source address to this authority. Append /num to indicate a
    classless delegation netblock, for example like 10.2.3.4/24 or
    2001::11/64. Can be given multiple times. Authorities not listed will
    not receive edns-subnet information.

client-subnet-opcode: <number>
    Specify positive integer smaller than 65536. Defaults to 8.

max-client-subnet-ipv6: <number>
    Specifies the maximum prefix length of the client source address we are
    willing to expose to third parties for IPv6. Defaults to 64.

max-client-subnet-ipv4: <number>
    Specifies the maximum prefix length of the client source address we are
    willing to expose to third parties for IPv4. Defaults to 24.
"""
Regards,
Yuri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSSkQkACgkQI3PTR4mhavgfAACcDNzIkYT05VDqALlZ+3U6mjWD
C74AoJqHDIs1B9yY+PyaZxstda1W0cFF
=c5qG
-----END PGP SIGNATURE-----
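An added example, not part of the original message and not Unbound's own code: a Python model of the behaviour the man page excerpt describes, useful for checking which upstream servers a planned whitelist would expose client networks to and how much of the address they would see. The whitelist entries, addresses and function names are constructed for illustration; truncation of the client address to the configured maximum prefix is assumed from the option descriptions.

```python
import ipaddress

# Constructed whitelist, written the way send-client-subnet values are given.
SEND_CLIENT_SUBNET = ["192.0.2.53", "198.51.100.0/24", "2001:db8:53::/48"]
# max-client-subnet-ipv4 / max-client-subnet-ipv6 defaults quoted in the man page.
MAX_PREFIX = {4: 24, 6: 64}


def parse_whitelist(entries):
    """Parse whitelist entries; a bare address is a single host.

    strict=False accepts netblocks with host bits set, such as the man
    page's own example 10.2.3.4/24, and normalises them to 10.2.3.0/24.
    """
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def exposed_subnet(authority, client, whitelist, max_prefix=MAX_PREFIX):
    """Return the client network a listed authority would be sent, else None."""
    auth = ipaddress.ip_address(authority)
    if not any(auth.version == net.version and auth in net for net in whitelist):
        return None  # authorities not listed receive no edns-subnet information
    addr = ipaddress.ip_address(client)
    limit = max_prefix[addr.version]
    if not 0 <= limit <= addr.max_prefixlen:
        raise ValueError(f"prefix length {limit} invalid for IPv{addr.version}")
    # Keep only the first `limit` bits of the client address (assumed model).
    return ipaddress.ip_network(f"{addr}/{limit}", strict=False)


def audit(authorities, client, whitelist, max_prefix=MAX_PREFIX):
    """Map each upstream authority to what it would learn about the client."""
    return {a: exposed_subnet(a, client, whitelist, max_prefix) for a in authorities}


if __name__ == "__main__":
    wl = parse_whitelist(SEND_CLIENT_SUBNET)
    upstreams = ["192.0.2.53", "192.0.2.54", "198.51.100.9", "2001:db8:53::1"]
    for server, net in audit(upstreams, "203.0.113.77", wl).items():
        print(f"{server:<18} {net if net else 'no ECS sent'}")
```

Lowering the values in `MAX_PREFIX` shows how a shorter maximum prefix reduces what whitelisted authorities learn about the client.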