<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">I couldn't see this setting in the current documentation, but I found from a previous announcement:<br>
<br>
<a href="https://mailman.powerdns.com/pipermail/pdns-users/2015-November/011803.html" rel="noreferrer" target="_blank">https://mailman.powerdns.com/p<wbr>ipermail/pdns-users/2015-Novem<wbr>ber/011803.html</a><br>
<br>
"It works by setting edns-subnet-whitelist to a list of domain names or<br>
nameserver netmasks that should be getting EDNS Client Subnet queries."<br>
<br>
So it seems to be behaving as stated: if it's a subnet, it matches against the remote nameserver which the query is being sent to.<br></blockquote><div><br></div><div>This setting is not documented on <a href="https://doc.powerdns.com/md/recursor/settings/">https://doc.powerdns.com/md/recursor/settings/</a> yet.</div><div>But in the recursor.conf there is below section to control ECS:</div><div>#################################</div><div># edns-subnet-whitelist<span class="" style="white-space:pre"> </span>List of netmasks and domains that we should enable EDNS subnet for</div><div>#</div><div># edns-subnet-whitelist=</div><div><br></div><div>I confirm that like you said, it is to whitelist the forwarder (8.8.8.8 in my case), not to whitelist the requester, so my previous understanding is wrong.</div><div><br></div><div>Anyway, the setting description is quite vague, better make it more clearer to avoid such misunderstanding as I did... <br></div></div></div></div>
<br>
<font face="Arial, Helvetica, sans-serif" size="1">This e-mail and its attachments are confidential and intended for use by the above named recipient(s) only. If you are not the intended recipient, please note that any use, modification, dissemination, edition or reproduction (either in whole or partially) of this e-mail and/or its attachments, or of the information contained herein, is strictly prohibited. If you have received this e-mail by mistake, please notify the sender immediately, and immediately delete this e-mail with its attachments and any copy of it from your computer system. We do not ensure the security of electronically transmitted information. Therefore, we take no responsibility in the event this email and/or its attachments may have been for example modified, altered and/or in the case of transmission of a virus. Your communication with us through such means shall signify your acceptance of such risks. We kindly advise you to check whether this email or its attachments are free of viruses</font>