Thanks for the detailed information

On Tue, May 6, 2025 at 12:00 PM <[email protected]> wrote:
> Message: 1
> Date: Mon, 5 May 2025 15:19:42 +0200
> From: Yorgos Thessalonikefs <[email protected]>
> To: [email protected]
> Subject: Re: ECS implementation in Unbound and Privacy Concerns
>
> Hi Isaac,
>
> I believe this message comes from running unbound-checkconf.
> The message there was less clear than running unbound itself; I have
> synced both messages now to make more sense:
>
> https://github.com/NLnetLabs/unbound/commit/5dd14e26443a3801eea1e04cd650822183fe4762
>
> The error is there because the subnetcache module is not compiled in by
> default.
> If you want to compile it you need to use '--enable-subnet' in your
> ./configure line.
>
> With all that said, are you sure ECS is going to help in your use case?
> ECS is only useful when the resolver and the clients are in different
> regions; think open public resolvers.
>
> If that is not your use case and instead Unbound is close to the clients
> it serves, ECS will hamper performance for no real benefit.
>
> As for ECS and privacy concerns, you can read the ECS section in the
> manpage or also online at
>
> https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#edns-client-subnet-module-options
> for the latest version.
> Unbound by default masks /24 for IPv4 and /56 for IPv6 (the max-client-*
> options).
>
> Performance is impacted because of the extra caching functionality ECS
> imposes (cache per IP network segments), and the singularity of the
> client queries since different networks may yield different responses
> for the same query. That means queries that could have been aggregated
> without ECS because they have the same question, with ECS they are
> treated as separate queries because their client information may yield
> different results.
>
> Best regards,
> -- Yorgos
>
> On 05/05/2025 12:35, sir izake via Unbound-users wrote:
> > Dear All,
> >
> > I have Unbound 1.20 DNS recursive resolver. I intend to enable ECS to
> > improve geo-location response to CDN resources.
> >
> > Unfortunately, I got below error after I enabled subnetcache in modules
> >
> > module-config: "respip validator subnetcache iterator"
> >
> > fatal error: module_conf lists module 'subnetcache' but that module is
> > not available
> >
> > How do I get this to work?
> >
> > If anyone has successfully set this up in their environment, how did you
> > minimize exposure to users' IP info. Did you observe any performance
> > related issues?
> >
> > Warm regards
> > Isaac
>
> End of Unbound-users Digest, Vol 65, Issue 2
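Added example, not part of the original thread and not Unbound's code: a small Python model of the two effects described in the quoted reply, the /24 and /56 masking of the client address and the per-network cache entries that stop identical questions from being aggregated. The function names and sample addresses are constructed for illustration, and the model assumes every answer is scoped to the full masked prefix (it ignores the scope prefix length an authoritative server may return, and TTLs).

```python
import ipaddress

# Default mask lengths cited in the reply (Unbound's max-client-subnet-* options).
MAX_PREFIX = {4: 24, 6: 56}

def ecs_prefix(client_ip, max_prefix=MAX_PREFIX):
    """Network that would be disclosed upstream for this client after masking."""
    addr = ipaddress.ip_address(client_ip)
    plen = max_prefix[addr.version]
    # strict=False zeroes the host bits instead of raising on them.
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def cache_key(qname, qtype, client_ip=None):
    """Question only without ECS; question plus client network with ECS."""
    key = (qname.lower().rstrip("."), qtype)
    if client_ip is None:
        return key
    return key + (ecs_prefix(client_ip),)

def upstream_lookups(queries, use_ecs):
    """Distinct cache entries, i.e. upstream lookups needed on a cold cache."""
    seen = set()
    for client_ip, qname, qtype in queries:
        seen.add(cache_key(qname, qtype, client_ip if use_ecs else None))
    return len(seen)

# Constructed sample: five clients asking the same question.
QUERIES = [
    ("192.0.2.10", "cdn.example.", "A"),
    ("192.0.2.200", "cdn.example.", "A"),   # same /24 as the first client
    ("198.51.100.7", "cdn.example.", "A"),
    ("203.0.113.99", "CDN.example.", "A"),
    ("2001:db8:0:12ff::1", "cdn.example.", "A"),
]

if __name__ == "__main__":
    for ip, _, _ in QUERIES:
        print(f"{ip:20} discloses {ecs_prefix(ip)}")
    print("lookups without ECS:", upstream_lookups(QUERIES, use_ecs=False))
    print("lookups with ECS:   ", upstream_lookups(QUERIES, use_ecs=True))
```
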
