[Pdns-users] Doubt about "edns-subnet-whitelist" directive

Brian Candler b.candler at pobox.com
Thu Aug 4 15:55:01 UTC 2016

On 04/08/2016 16:45, WANG Cui 王璀 wrote:
> I researched in the source code and find out in file: pdns_recursor.cc,
> function: getEDNSSubnetMask(), there is an if test:
> * if(g_ednsdomains.check(dn) || g_ednssubnets.match(rem)) where the
> “rem” is actually is the forwarder IP that I set by:
> * forward-zones-recurse=.=
> Of course the if test won’t pass, therefore pdns-recursor never append
> subnet option in query.

I couldn't see this setting in the current documentation, but I found 
from a previous announcement:


"It works by setting edns-subnet-whitelist to a list of domain names or
nameserver netmasks that should be getting EDNS Client Subnet queries."

So it seems to be behaving as stated: if it's a subnet, it matches 
against the remote nameserver which the query is being sent to.

More information about the Pdns-users mailing list