[Unbound-users] How to config whitelist for EDNS client subnet in unbound
Yuri Schaeffer
yuri at nlnetlabs.nl
Wed Jan 7 22:23:48 UTC 2015
On 01/06/2015 07:32 PM, Over Dexia wrote:
> But I believe that would be mitigated by storing the no-ecs
> response with a source 0.0.0.0/0 (like Kun YU proposed) in the
> subnet cache. If all queries for that domain use this cache, the
> reply should be like intended.
Think about what having a scope netmask of 0 means:
"The most specific answer available for your source IP has the first
0 bits in common with the address 0.0.0.0"
Thus any query will match this cache entry. Which will result in the
same behaviour as the current implementation.
//Yuri
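
Added example, not part of the original message and not Unbound's code: a toy per-name subnet cache (the `SubnetCache` class and the sample addresses are constructed for illustration) showing that an entry stored with scope 0.0.0.0/0 covers every client address, so every lookup is served from that one entry.

```python
import ipaddress


class SubnetCache:
    """Toy ECS answer cache for a single name (hypothetical structure)."""

    def __init__(self):
        self._entries = {}  # ip_network -> cached answer

    def store(self, address, scope_prefix, answer):
        # Mask the address down to the scope prefix length of the reply.
        net = ipaddress.ip_network(f"{address}/{scope_prefix}", strict=False)
        self._entries[net] = answer

    def lookup(self, client_ip):
        """Return (network, answer) for the most specific covering entry, or None."""
        ip = ipaddress.ip_address(client_ip)
        hits = [n for n in self._entries if n.version == ip.version and ip in n]
        if not hits:
            return None
        best = max(hits, key=lambda n: n.prefixlen)
        return best, self._entries[best]


def demo():
    cache = SubnetCache()
    # Constructed sample: a no-ECS reply stored with source 0.0.0.0/0.
    cache.store("0.0.0.0", 0, "192.0.2.1")
    clients = ("198.51.100.7", "203.0.113.9", "10.1.2.3")
    # Zero leading bits have to match, so every client hits the /0 entry.
    results = {ip: cache.lookup(ip)[1] for ip in clients}
    # A scoped entry only changes the result for clients inside its prefix.
    cache.store("198.51.100.0", 24, "192.0.2.2")
    results["198.51.100.7 with /24 cached"] = cache.lookup("198.51.100.7")[1]
    results["203.0.113.9 with /24 cached"] = cache.lookup("203.0.113.9")[1]
    return results


if __name__ == "__main__":
    for client, answer in demo().items():
        print(client, "->", answer)
```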