[Pdns-users] Doubt about "edns-subnet-whitelist" directive
b.candler at pobox.com
Thu Aug 4 15:55:01 UTC 2016
On 04/08/2016 16:45, WANG Cui 王璀 wrote:
> I researched in the source code and find out in file: pdns_recursor.cc,
> function: getEDNSSubnetMask(), there is an if test:
> * if(g_ednsdomains.check(dn) || g_ednssubnets.match(rem)) where the
> “rem” is actually is the forwarder IP that I set by:
> * forward-zones-recurse=.=184.108.40.206
> Of course the if test won’t pass, therefore pdns-recursor never append
> subnet option in query.
I couldn't see this setting in the current documentation, but I found
from a previous announcement:
"It works by setting edns-subnet-whitelist to a list of domain names or
nameserver netmasks that should be getting EDNS Client Subnet queries."
So it seems to be behaving as stated: if it's a subnet, it matches
against the remote nameserver which the query is being sent to.
More information about the Pdns-users