Configure unbound to send correct ECS like Google Public DNS

Igor Sverkos igor.sverkos at gmail.com
Tue Aug 9 18:28:27 UTC 2022


Hi,

thank you Joe and John for your reply and your explanation.

For some reason I thought I need this to ensure my local clients will
get the "best" reply but I totally missed that the resolver will query
the authorized server from the same public net so it should already
get the same "best" reply. In other words I would tend to argue, "You
don't need this feature until you run a public resolver".

However, I am wondering if VPN users would benefit. For example, I am
currently thinking about traveling employees. If an employee is on a
business trip in the US and will connect to that network via VPN and
trying to fetch an iOS or Android update for example, while we
wouldn't route these requests through our network, they will still use
the resolver located in Europe and probably end up with an Apple or
Google mirror in Europe instead of US.


-- 
Regards,
Igor


More information about the Unbound-users mailing list