Unbound-users Digest, Vol 65, Issue 2

Mon May 12 08:58:33 UTC 2025

Thanks for the detailed information

On Tue, May 6, 2025 at 12:00 PM <unbound-users-request at lists.nlnetlabs.nl>
wrote:

> Send Unbound-users mailing list submissions to
>         unbound-users at lists.nlnetlabs.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users
> or, via email, send a message with subject or body 'help' to
>         unbound-users-request at lists.nlnetlabs.nl
>
> You can reach the person managing the list at
>         unbound-users-owner at lists.nlnetlabs.nl
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Unbound-users digest..."
>
>
> Today's Topics:
>
>    1. Re: ECS implementation in Unbound and Privacy Concerns
>       (Yorgos Thessalonikefs)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 5 May 2025 15:19:42 +0200
> From: Yorgos Thessalonikefs <yorgos at nlnetlabs.nl>
> To: unbound-users at lists.nlnetlabs.nl
> Subject: Re: ECS implementation in Unbound and Privacy Concerns
> Message-ID: <9001365d-0daa-4261-aa60-54ab0f7e2d72 at nlnetlabs.nl>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Hi Isaac,
>
> I believe this message comes from running unbound-checkconf.
> The message there was less clear than running unbound itself; I have
> synced both messages now to make more sense:
>
> https://github.com/NLnetLabs/unbound/commit/5dd14e26443a3801eea1e04cd650822183fe4762
>
> The error is there because the subnetcache module is not compiled in by
> default.
> If you want to compile it you need to use '--enable-subnet' in your
> ./configure line.
>
> With all that said, are you sure ECS is going to help in your use case?
> ECS is only useful when the resolver and the clients are on different
> regions; think open public resolvers.
>
> If that is not your use case and instead Unbound is close to the clients
> it serves, ECS will hamper performance for no real benefit.
>
> As for ECS and privacy concerns, you can read the ECS section in the
> manpage or also online at
>
> https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#edns-client-subnet-module-options
> for the latest version.
> Unbound by default masks /24 for IPv4 and /56 for IPv6 (the max-client-*
> options).
>
> Performance is impacted because of the extra caching functionality ECS
> imposes (cache per IP network segments), and the singularity of the
> client queries since different networks may yield different responses
> for the same query. That means queries that could have been aggregated
> without ECS because they have the same question, with ECS they are
> treated as separate queries because their client information may yield
> different results.
>
> Best regards,
> -- Yorgos
>
> On 05/05/2025 12:35, sir izake via Unbound-users wrote:
> > Dear All,
> >
> > I have Unbound 1.20 DNS recursive? resolver. I intend to enable ECS to
> > improve geo-location response to CDN resources.
> >
> > Unfortunately,? i got below error after i enabled subnetcache in modules
> >
> > module-config: "respip validator subnetcache iterator"
> >
> > fatal error: module_conf lists module 'subnetcache' but that module is
> > not available
> >
> > How do I get this to work?
> >
> > If anyone has successfully set this up in their environment, how did you
> > minimize exposure to users IP info. Did you observe any performance
> > related issues?
> >
> > Warm?regards
> > Isaac
> >
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users
>
>
> ------------------------------
>
> End of Unbound-users Digest, Vol 65, Issue 2
> ********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20250512/fa949412/attachment.htm>