ECS subnet

Rainer Duffner rainer at ultra-secure.de
Thu Mar 27 08:28:24 UTC 2025


> On 25.02.2025 at 01:06, Evan Hunt <each at isc.org> wrote:
> 
> On Tue, Feb 18, 2025 at 08:40:53AM +0100, Rainer Duffner wrote:
>>> ECS is not supported in the open source version of BIND so I guess
>>> it might not get logged.
> 
> The open source version doesn't *send* client-subnet requests,
> or cache the responses differently depending on client-subnet data
> included in a response.
> 
> However, it does recognize the option, and it will log it when it
> sees it. Turn on query logging and, if there are ECS options present
> in responses, you should see things like "[ECS 192.168/16/0]" in the
> log.
> 
> I don't know if this is any help to you, though. I don't think I've
> understood what you're trying to do.


Hi,

It turns out that to use the send-client-subnet option in unbound, it has to be compiled with the "subnetcache" module, which apparently does not happen by default on FreeBSD.
Once I rebuilt unbound with that option and passed the right IP for the downstream server, the actual source IPs did show up.

Thanks a lot for the hint!

Rainer
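As an added example (not part of this thread or of BIND), the following Python parses the "[ECS address/source/scope]" token that Evan describes in BIND query logs and checks whether the forwarded subnet actually covers a given client. The token shape is taken from the quoted message; that the address may be printed truncated ("192.168" for 192.168.0.0) is an assumption, and the sample lines are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Union

# Token shape from the quoted message: "[ECS <address>/<source-prefix>/<scope-prefix>]".
# Assumption: the address may be printed truncated ("192.168" for 192.168.0.0).
ECS_RE = re.compile(r"\[ECS (?P<addr>[0-9A-Fa-f.:]+)/(?P<source>\d{1,3})/(?P<scope>\d{1,3})\]")


@dataclass(frozen=True)
class Ecs:
    network: Union[ipaddress.IPv4Network, ipaddress.IPv6Network]  # client subnet, masked to source prefix
    scope: int  # scope prefix length the authoritative side answered for


def _expand(addr: str) -> Union[ipaddress.IPv4Address, ipaddress.IPv6Address]:
    """Pad a truncated dotted IPv4 address to four octets; IPv6 is parsed as-is."""
    if ":" in addr:
        return ipaddress.ip_address(addr)
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_address(".".join(octets))


def parse_ecs(line: str) -> Optional[Ecs]:
    """Return the ECS option logged on a query-log line, or None if there is none."""
    m = ECS_RE.search(line)
    if m is None:
        return None
    addr = _expand(m.group("addr"))
    source, scope = int(m.group("source")), int(m.group("scope"))
    if source > addr.max_prefixlen or scope > addr.max_prefixlen:
        raise ValueError(f"prefix length out of range: {m.group(0)}")
    # strict=True rejects an address with host bits set beyond the source prefix,
    # which indicates a malformed or mis-logged option rather than a real subnet.
    return Ecs(ipaddress.ip_network(f"{addr}/{source}", strict=True), scope)


def covers_client(ecs: Ecs, client_ip: str) -> bool:
    """True if the forwarded subnet contains the original client address."""
    return ipaddress.ip_address(client_ip) in ecs.network


# Constructed sample lines (not real BIND output); only the trailing token matters here.
SAMPLE_LINES = [
    "query: example.com IN A [ECS 192.168/16/0]",
    "query: example.net IN AAAA [ECS 2001:db8::/32/24]",
    "query: example.org IN A",
]
```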
