From: Seth Arnold Date: Sat, 15 Jul 2023 01:21:01 +0000 (+0000) Subject: Update settings.rst -- clarify edns-subnet-allow-list X-Git-Tag: rec-5.0.0-alpha1~108^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F13032%2Fhead;p=thirdparty%2Fpdns.git Update settings.rst -- clarify edns-subnet-allow-list Try to reduce confusion about what the edns-subnet-allow-list setting does and doesn't affect. --- diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst index 2d4790d7da..740c2e3a93 100644 --- a/pdns/recursordist/docs/settings.rst +++ b/pdns/recursordist/docs/settings.rst @@ -791,6 +791,8 @@ List of netmasks and domains that :rfc:`EDNS Client Subnet <7871>` should be ena For example, an EDNS Client Subnet option containing the address of the initial requestor (but see `ecs-add-for`_) will be added to an outgoing query sent to server 192.0.2.1 for domain X if 192.0.2.1 matches one of the supplied netmasks, or if X matches one of the supplied domains. The initial requestor address will be truncated to 24 bits for IPv4 (see `ecs-ipv4-bits`_) and to 56 bits for IPv6 (see `ecs-ipv6-bits`_), as recommended in the privacy section of RFC 7871. +Note that this setting describes the destination of outgoing queries, not the sources of incoming queries, nor the subnets described in the EDNS Client Subnet option. + By default, this option is empty, meaning no EDNS Client Subnet information is sent. .. _setting-entropy-source: