Actions
Feature #11921
openFeature Request: Compile unbound with EDNS Client Subnet (ECS) module (--enable-subnet)
Start date:
05/14/2021
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Description
There are use cases for the subnet module in unbound to be able to configure EDNS client subnet behavior via the
"send-client-subnet:" and "client-subnet-zone:" directives. This requires the subnet module. As of pfSense 2.5.1 this is not available.
unbound -V
Version 1.13.1
Configure line: --with-ssl=/usr --with-libexpat=/usr/local --disable-dnscrypt --disable-dnstap --with-libnghttp2 --enable-ecdsa --disable-event-api --enable-gost --with-libevent --with-pyunbound=yes --with-pythonmodule=yes LDFLAGS=-L/usr/local/lib ac_cv_path_SWIG=/usr/local/bin/swig --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd12.2
Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 1.1.1k-freebsd 25 Mar 2021
Linked modules: dns64 python respip validator iterator
Feature request is for unbound to be compiled with "--enable-subnet" to facilitate this.
Reference 1: https://nlnetlabs.nl/svn/unbound/branches/edns-subnet/doc/README.ecs
Reference 2: https://datatracker.ietf.org/doc/rfc7871/
Actions