Feature #11921

Feature Request: Compile unbound with EDNS Client Subnet (ECS) module (--enable-subnet)

Added by M Felden about 1 month ago. Updated about 1 month ago.

Status: New
Priority: Very Low
Assignee: -
Category: DNS Resolver
Target version:
Start date: 05/14/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

There are use cases for the subnet module in unbound to be able to configure EDNS client subnet behavior via the "send-client-subnet:" and "client-subnet-zone:" directives. This requires the subnet module. As of pfSense 2.5.1 this is not available.

     unbound -V
     Version 1.13.1

     Configure line: --with-ssl=/usr --with-libexpat=/usr/local --disable-dnscrypt --disable-dnstap --with-libnghttp2 --enable-ecdsa --disable-event-api --enable-gost --with-libevent --with-pyunbound=yes --with-pythonmodule=yes LDFLAGS=-L/usr/local/lib ac_cv_path_SWIG=/usr/local/bin/swig --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd12.2
     Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 1.1.1k-freebsd  25 Mar 2021
     Linked modules: dns64 python respip validator iterator

Feature request is for unbound to be compiled with "--enable-subnet" to facilitate this.

Reference 1: https://nlnetlabs.nl/svn/unbound/branches/edns-subnet/doc/README.ecs
Reference 2: https://datatracker.ietf.org/doc/rfc7871/
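
Added example (not part of the original ticket, and not pfSense or unbound project code): a shell check that reads `unbound -V` output like that quoted above and reports whether the subnet module is compiled in, plus a scan of a config for the two directives the ticket names. The sample outputs are constructed, and the listing of an enabled module under "Linked modules" with a name starting with `subnet` is an assumption.

```shell
#!/bin/sh
# Added example, not pfSense or unbound project code.

# Constructed sample, abbreviated from the `unbound -V` output in the ticket.
SAMPLE_DISABLED='Version 1.13.1

Configure line: --with-libevent --disable-subnet --with-pthreads --prefix=/usr/local
Linked modules: dns64 python respip validator iterator'

# Constructed sample for a build with the option on. Assumption: the module
# appears under "Linked modules" with a name that starts with "subnet".
SAMPLE_ENABLED='Version 1.13.1

Configure line: --with-libevent --enable-subnet --with-pthreads --prefix=/usr/local
Linked modules: dns64 python subnetcache respip validator iterator'

# subnet_status: read `unbound -V` text on stdin; print enabled|disabled|unknown.
# The linked-module list wins over the configure flag when both are present.
subnet_status() {
    awk '
        /^Configure line:/ {
            for (i = 3; i <= NF; i++) {
                if ($i == "--enable-subnet")  flag = "enabled"
                if ($i == "--disable-subnet") flag = "disabled"
            }
        }
        /^Linked modules:/ {
            seen = 1
            for (i = 3; i <= NF; i++) if ($i ~ /^subnet/) linked = 1
        }
        END {
            if (linked)          print "enabled"
            else if (seen)       print "disabled"
            else if (flag != "") print flag
            else                 print "unknown"
        }'
}

# ecs_directives: read an unbound config on stdin and print the lines that set
# the two directives named in the ticket, ignoring comments.
ecs_directives() {
    sed 's/#.*//' |
        grep -E '^[[:space:]]*(send-client-subnet|client-subnet-zone):' || true
}

# Live use on a resolver host: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    unbound -V | subnet_status
fi
```

If `ecs_directives` prints anything for a config while `subnet_status` reports `disabled`, that config relies on a module the binary does not have.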

History

#1 Updated by Jim Pingle about 1 month ago

  • Target version set to Future

This is an option in the FreeBSD port already:

     SUBNET=off: Enable client subnet support

If we decide to activate this option, that's what would need to be changed.
