What is considered current best practice for recursive servers on enabling EDNS client-subnet?
I ask because I have a couple of recursive DNS servers at an independent telephone company that are getting different answers for a certain large website. The servers are in the same subnet, but one gets an IP apparently in another country, while the other gets an IP in a nearby state. The servers are configured identically (CentOS 7 with Unbound).

I emailed the website's NOC, and their response was that the issue was that "Most likely the issue is due to EDNS not being turned on with your DNS server." I assume they were talking about EDNS client-subnet (because they then gave an example dig with +subnet set).

These servers are not configured to send client-subnet to anybody (pretty much default Unbound config). They aren't serving clients from outside the AS - I generally think of client-subnet as something you'd use on a DNS server with a wide range of clients.

Is it expected that I should be enabling EDNS client-subnet on recursive servers? I do have some recursive servers that have a large set of clients (where client-subnet might be useful) - should I just enable it for all requests? In Unbound terms, enable "client-subnet-always-forward"?

-- 
Chris Adams <[email protected]>
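For reference on what a `dig +subnet` query, or a resolver with client-subnet forwarding enabled, discloses to the authoritative server, here is an added example (not part of the original message) that encodes and decodes the EDNS Client Subnet option as laid out in RFC 7871. The client addresses are documentation-range values constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8          # EDNS option code for Client Subnet (RFC 7871)
FAMILY = {4: 1, 6: 2}        # IANA address family numbers: IPv4 = 1, IPv6 = 2
ADDR_LEN = {1: 4, 2: 16}     # full address length in bytes per family


def build_ecs_option(client_ip: str, source_prefix: int) -> bytes:
    """Encode the option a resolver would attach for client_ip/source_prefix."""
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    # Only the bytes covering the prefix are sent; host bits are zeroed.
    addr = net.network_address.packed[:(source_prefix + 7) // 8]
    # Scope prefix-length is always 0 in a query.
    body = struct.pack("!HBB", FAMILY[net.version], source_prefix, 0) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option: bytes):
    """Decode an ECS option; returns (network, source_prefix, scope_prefix)."""
    if len(option) < 8:
        raise ValueError("truncated ECS option")
    code, length, family, source, scope = struct.unpack("!HHHBB", option[:8])
    raw = option[8:]
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    if family not in ADDR_LEN or len(raw) != (source + 7) // 8:
        raise ValueError("bad family or address length")
    addr = ipaddress.ip_address(raw.ljust(ADDR_LEN[family], b"\x00"))
    return ipaddress.ip_network(f"{addr}/{source}", strict=False), source, scope


if __name__ == "__main__":
    query_opt = build_ecs_option("192.0.2.77", 24)   # constructed sample client
    print(query_opt.hex())
    # Constructed reply: same option with the scope byte set to /20 by the authority.
    reply_opt = query_opt[:7] + bytes([20]) + query_opt[8:]
    print(parse_ecs_option(reply_opt))
```

The scope prefix-length in a reply tells the resolver how widely the answer may be cached and reused, so a nonzero scope is also a quick sign that the authority actually tailors answers by client subnet.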
