From: Pieter Lexis Date: Tue, 23 Aug 2016 15:50:27 +0000 (+0200) Subject: rec: document edns-subnet-whitelist X-Git-Tag: dnsdist-1.1.0-beta1~6^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b35958cc16131f905cbc42af948190cf36839ebc;p=thirdparty%2Fpdns.git rec: document edns-subnet-whitelist Closes #4275 --- diff --git a/docs/markdown/recursor/settings.md b/docs/markdown/recursor/settings.md index b0d61302fa..5fd2fa51e6 100644 --- a/docs/markdown/recursor/settings.md +++ b/docs/markdown/recursor/settings.md @@ -232,6 +232,15 @@ This setting can be used to expand or reduce the limitations. This is the value set for the EDNS0 buffer size in outgoing packets. Lower this if you experience timeouts. +## `edns-subnet-whitelist` +* Comma separated list of domain names and netmasks +* Default: (none) + +List of netmasks and domains that [EDNS Client Subnet](https://tools.ietf.org/html/rfc7871) should be enabled for in outgoing queries. +For example, an EDNS Client Subnet option containing the address of the initial requestor will be added to an outgoing query sent to server 192.0.2.1 for domain X if 192.0.2.1 matches one of the supplied netmasks, or if X matches one of the supplied domains. +The initial requestor address will be truncated to 24 bits for IPv4 and to 56 bits for IPv6, as recommended in the privacy section of RFC 7871. +By default, this option is empty, meaning no EDNS Client Subnet information is sent. + ## `entropy-source` * Path * Default: /dev/urandom
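Review bot: The new `edns-subnet-whitelist` text does not say how a domain entry is matched. In the sentence ending "or if X matches one of the supplied domains", a reader cannot tell whether an entry covers only that exact name or also every name beneath it. Each match discloses the truncated requestor address to the upstream server, so an operator needs the matching rule spelled out to judge how much client information a given entry exposes. Please state it explicitly, and add one sample value that combines a netmask and a domain, so the "Comma separated list" format is unambiguous. A smaller point: the sentence on truncation to 24 bits for IPv4 and 56 bits for IPv6 could say whether those lengths are fixed or adjustable through another setting.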