Configure unbound to send correct ECS like Google Public DNS

Joe Abley jabley at hopcount.ca
Tue Aug 9 19:30:45 UTC 2022


Hi Igor,

How would your internal resolver know where your remote user was, or what their public address was in your example?

Easiest advice for your use case might be for people to disconnect from the VPN when they don't need it. 


Joe

> On Aug 9, 2022, at 20:28, Igor Sverkos via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
> 
> Hi,
> 
> thank you Joe and John for your reply and your explanation.
> 
> For some reason I thought I needed this to ensure my local clients will
> get the "best" reply but I totally missed that the resolver will query
> the authorized server from the same public net so it should already
> get the same "best" reply. In other words I would tend to argue, "You
> don't need this feature until you run a public resolver".
> 
> However, I am wondering if VPN users would benefit. For example, I am
> currently thinking about traveling employees. If an employee is on a
> business trip in the US and will connect to that network via VPN and
> try to fetch an iOS or Android update for example, while we
> wouldn't route these requests through our network, they will still use
> the resolver located in Europe and probably end up with an Apple or
> Google mirror in Europe instead of US.
> 
> 
> -- 
> Regards,
> Igor
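
The question raised in the reply above (what address would the internal resolver have to go on?) can be seen in the ECS option itself. The following is an added example, not part of the original thread and not Unbound's code: it builds the RFC 7871 option from the client source address a resolver sees. The function names and both sample addresses (a VPN tunnel address and a documentation-range public address) are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

# Ranges that say nothing about where a client sits on the Internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 (typical VPN pools)
    "100.64.0.0/10",                                   # CGNAT, RFC 6598
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]


def ecs_option(client_ip, v4_prefix=24, v6_prefix=56):
    """Return the ECS option bytes for the source address of a query,
    or None when that address carries no public location information."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in NON_PUBLIC):
        return None  # e.g. a VPN tunnel address: nothing useful to send
    family, prefix = (1, v4_prefix) if addr.version == 4 else (2, v6_prefix)
    # Zero the host bits, then keep only the bytes the prefix covers.
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    nbytes = (prefix + 7) // 8
    body = struct.pack("!HBB", family, prefix, 0)  # scope prefix is 0 in queries
    body += net.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_subnet(option):
    """Recover the subnet an authoritative server would see in the option."""
    _code, length, family, prefix, _scope = struct.unpack("!HHHBB", option[:8])
    size = 4 if family == 1 else 16
    raw = option[8:8 + length - 4].ljust(size, b"\0")
    return f"{ipaddress.ip_address(raw)}/{prefix}"


if __name__ == "__main__":
    # Constructed samples: a VPN-assigned address and a public (TEST-NET-3) one.
    for label, ip in (("via VPN", "10.8.0.23"), ("direct", "203.0.113.77")):
        opt = ecs_option(ip)
        print(label, ip, "->", decode_subnet(opt) if opt else "no usable subnet")
```

A client arriving over the VPN presents only its tunnel address, so the resolver has no public subnet to put in the option; the answer it gets upstream is still chosen from the resolver's own egress address.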

