Support for Extension Mechanisms for DNS ie EDNS(0) #740
Comments
The config file below: module-config: "iterator" module-config: "subnetcache validator iterator" It works well.
This doesn't seem to be a bug. Maybe it is a feature request, but 'wanting to add additional EDNS0' is a bit vague for a feature request.
@Philip-NLnetLabs Would it help to be more specific by saying the EDNS0 OPT RR? BIND supports adding EDNS0 data as detailed in the links below, but they gate this feature behind their paid version. Here is a reference to the RFC EDNS0 OPT RR for more details if that's helpful: https://www.rfc-editor.org/rfc/rfc6891#section-6.1.2 Here is a working implementation supported by OpenDNS/Cisco Umbrella that details how they use these data fields in the OPT record: A unique device ID and client internal IP can be embedded into the EDNS0 OPT record for the purpose of logging and applying customer-specified security policies at the OpenDNS resolver.
Any updates on this? I'd love to make sure I'm forwarding the correct data since EDNS0 can vastly improve the performance with CDNs that are designed around GeoDNS. One example of such a CDN is Netflix, which works fine with public DNS resolvers like Google (8.8.8.8) or Quad9 (9.9.9.11) where ECS is supported. Edit: Looks like this is also being discussed in opnsense/tools#363 Edit 2: https://unbound.docs.nlnetlabs.nl/en/latest/search.html?q=edns-subnet
@GrabbenD if you are asking for ECS support, it is already there. For arbitrary data, the closest thing in Unbound are the
Describe the bug
The unbound-manual mentions support for RFC 6891 "Extension Mechanisms for DNS (EDNS(0))" but I don't see any reference in unbound.conf on how to utilize it. I'm wanting to add additional EDNS0 data to my client DNS requests handled by unbound.
To reproduce
n/a
Expected behavior
A clear description of how to add EDNS 0 data in unbound.conf
System:
n/a
Additional information
n/a
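Added example, not part of the issue thread and not Unbound code: a small Python encoder and decoder for the OPT RR layout from RFC 6891 section 6.1.2, carrying the EDNS Client Subnet option (RFC 7871, option code 8) mentioned in the comments, so an operator can check exactly what client data a forwarded query discloses. The function names, the 1232-byte UDP size default and the sample subnets are assumptions made for this illustration.

```python
import ipaddress
import struct

OPT_TYPE = 41   # RFC 6891 OPT pseudo-RR type
ECS_CODE = 8    # RFC 7871 EDNS Client Subnet option code

def build_ecs_option(subnet: str) -> bytes:
    """Encode ECS: family, source prefix length, scope 0, truncated address."""
    net = ipaddress.ip_network(subnet, strict=True)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    data = struct.pack("!HBB", family, net.prefixlen, 0) + addr
    return struct.pack("!HH", ECS_CODE, len(data)) + data

def build_opt_rr(options: bytes, udp_size: int = 1232, do: bool = False) -> bytes:
    """OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = rcode/version/flags."""
    ttl = 0x8000 if do else 0  # extended RCODE 0, version 0, DO bit in the flags
    header = struct.pack("!HHIH", OPT_TYPE, udp_size, ttl, len(options))
    return b"\x00" + header + options

def parse_opt_rr(rr: bytes) -> dict:
    """Decode an OPT RR, rejecting inconsistent lengths instead of over-reading."""
    if len(rr) < 11 or rr[0] != 0:
        raise ValueError("OPT RR needs the root owner name and a full header")
    rtype, udp_size, ttl, rdlen = struct.unpack("!HHIH", rr[1:11])
    if rtype != OPT_TYPE or rdlen != len(rr) - 11:
        raise ValueError("not an OPT RR or RDLEN mismatch")
    options, pos, rdata = [], 0, rr[11:]
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated option header")
        code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
        if pos + 4 + olen > len(rdata):
            raise ValueError("option length exceeds RDATA")
        options.append((code, rdata[pos + 4:pos + 4 + olen]))
        pos += 4 + olen
    return {"udp_size": udp_size, "ext_rcode": ttl >> 24,
            "version": (ttl >> 16) & 0xFF, "do": bool(ttl & 0x8000),
            "options": options}

def decode_ecs(data: bytes) -> str:
    """Return the client subnet an ECS option discloses, e.g. '192.0.2.0/24'."""
    if len(data) < 4:
        raise ValueError("ECS option too short")
    family, source, _scope = struct.unpack("!HBB", data[:4])
    if family not in (1, 2):
        raise ValueError("unknown ECS address family")
    size = 4 if family == 1 else 16
    addr = data[4:].ljust(size, b"\x00")[:size]  # re-pad the truncated address
    return f"{ipaddress.ip_address(addr)}/{source}"
```

Any option code other than 8 comes back from `parse_opt_rr` as a raw `(code, bytes)` pair, which is how vendor-specific options such as the device-ID data described in the thread would show up.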