Configure unbound to send correct ECS like Google Public DNS

Igor Sverkos igor.sverkos at gmail.com
Fri Aug 12 17:24:50 UTC 2022


> You'd still have to get that tunnel endpoint information from your VPN infrastructure into your internal resolver in some way

Like said, this wouldn't be a problem: These users are already getting
IP addresses from different ranges so they can be distinguished. This
will allow unbound to assign different "tags" to them and based on
these tags you can assign different settings in unbound. But I didn't
find any setting to tell unbound which IP address should be included
in the request.


> More broadly, this feels like a hole that you can either get out of or dig deeper.

Yeah, for now this is just a theoretical problem for me because we
don't have so many employees traveling around the world. But when I
read about EDNS/ECS I thought this could still help us (but again, I
don't have any data if this is really a problem for us).

I think I will call it a day for now.

Thank you for your replies! Have a good day.


-- 
Regards,
Igor


More information about the Unbound-users mailing list