[Unbound-users] How to config whitelist for EDNS client subnet in unbound
miek at miek.nl
Tue Jan 6 15:16:23 UTC 2015
[ Quoting <yukun2005 at gmail.com> in "Re: [Unbound-users] How to config w..." ]
>> this is effectively the text in the draft:
>> If the address of the client does not match any network in the cache,
>> then the Recursive Resolver MUST behave as if no match was found and
>> perform resolution as usual. This is necessary to avoid suboptimal
>> replies in the cache from being returned to the wrong clients, and to
>> avoid a single request coming from a client on a different network
>> from polluting the cache with a suboptimal reply for all the users of
>> that resolver.
>
> This is why I believe compiling a list of DNS servers who support client
> subnet is not enough. There should be another option to config a list of
> domains which support client subnet. Any records in these domains should
> be cached in secondary cache instead of the primary one.

While I can see where you are coming from, hardcoding this in a config
file is not an option.
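
The cache rule quoted from the draft above, sketched as an added example (not part of the original message and not Unbound's code): answers are stored per client network, and a client that matches no stored network is treated as a cache miss. The names `SubnetCache` and `fake_upstream`, the /24 scope and all addresses are constructed for illustration.

```python
import ipaddress


class SubnetCache:
    """Answers for a name, keyed by the client network each one is scoped to."""

    def __init__(self):
        self._entries = {}          # qname -> {ip_network: answer}
        self.upstream_queries = 0   # counts real resolutions, for inspection

    def lookup(self, qname, client_ip):
        """Return the answer whose network contains client_ip, else None."""
        addr = ipaddress.ip_address(client_ip)
        matches = [(net, ans)
                   for net, ans in self._entries.get(qname, {}).items()
                   if net.version == addr.version and addr in net]
        if not matches:
            # Draft rule: behave as if no match was found.
            return None
        # Several networks may contain the client; the most specific wins.
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def store(self, qname, scope_network, answer):
        net = ipaddress.ip_network(scope_network)
        self._entries.setdefault(qname, {})[net] = answer

    def resolve(self, qname, client_ip, upstream):
        cached = self.lookup(qname, client_ip)
        if cached is not None:
            return cached
        # No matching network: resolve as usual and cache under the
        # scope the upstream reports, never for all clients.
        self.upstream_queries += 1
        scope, answer = upstream(qname, client_ip)
        self.store(qname, scope, answer)
        return answer


def fake_upstream(qname, client_ip):
    """Constructed authoritative server: tailors answers per client /24."""
    net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
    near = ipaddress.ip_network("192.0.2.0/24")
    answer = "203.0.113.10" if net.subnet_of(near) else "203.0.113.20"
    return str(net), answer
```

A client in 198.51.100.0/24 never receives the answer cached for 192.0.2.0/24, and its own query does not overwrite that entry.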