From: Andreas Jakum <aj-gh@users.noreply.github.com>
Date: Tue, 3 Aug 2021 07:56:50 +0000 (+0200)
Subject: dnsdist: Document that setECSOverride has drawbacks under certain conditions.
X-Git-Tag: dnsdist-1.7.0-alpha1~73^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10626%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: Document that setECSOverride has drawbacks under certain conditions.
---

diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst
index ec5debb4ea..101d68fc15 100644
--- a/pdns/dnsdistdist/docs/reference/config.rst
+++ b/pdns/dnsdistdist/docs/reference/config.rst
@@ -436,7 +436,8 @@ EDNS Client Subnet
 
 .. function:: setECSOverride(bool)
 
-  When ``useClientSubnet`` in :func:`newServer` is set and dnsdist adds an EDNS Client Subnet Client option to the query, override an existing option already present in the query, if any
+  When ``useClientSubnet`` in :func:`newServer` is set and dnsdist adds an EDNS Client Subnet Client option to the query, override an existing option already present in the query, if any.
+  Note that it's not recommended to enable ``setECSOverride`` in front of an authoritative server responding with EDNS Client Subnet information as mismatching data (ECS scopes) can confuse clients and lead to SERVFAIL responses on downstream nameservers.
 
   :param bool: Whether to override an existing EDNS Client Subnet option present in the query. Defaults to false