I realise this is still draft but are there any plans to add support for edns-client-subnet [http://tools.ietf.org/html/draft-vandergaast-edns-client-ip-01\] when constructing outbound queries to other servers? .. this would also require some new config directive etc as well of course.
Paul
Hi Paul,
I realise this is still draft but are there any plans to add support for
edns-client-subnet
[http://tools.ietf.org/html/draft-vandergaast-edns-client-ip-01\] when
constructing outbound queries to other servers? .. this would also
require some new config directive etc as well of course.
Yes, this is on our radar. We are in an advanced stage of reviewing how
this can be supported in Unbound and how its development can be funded.
Without going into details: The configuration directives are the trivial
part. The hard part is the special caching, retrieving from that cache
and query aggregation while keeping performance impact for 'regular
queries' low.
Regards,
Yuri Schaeffer
Hi,
Hi Attila,
Any news on this?
Yes. I'm currently implementing said functionality. But it is not
finished yet. It will try to get the subnet data from (whitelisted)
servers and also accepts the option on the client side of the
communication. It should work. However, the cache for the subnet
information is not yet implemented.
The code is currently under review and testing. Hopefully in a week or
so I will start with the caching part.
Regards,
Yuri Schaeffer
Thanks for the response and your work on this topic. BTW, I’m (currently) only interested in passing through the client subnet to the authoritative servers, so I can give back source IP dependent answers. I guess it’s a function, which needs little modification. Would it be possible to test this separately (if available)? Thanks, ps: currently I’m running a module inside unbound, but it turned out to be suboptimal.