From: Chris Hofstaedtler Date: Sat, 6 Jan 2018 14:21:50 +0000 (+0100) Subject: ecs-add-for: add better wording from @rgacogne X-Git-Tag: dnsdist-1.3.0~152^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9f421b03e4707003270b5de2075baa9bb0f0e139;p=pdns ecs-add-for: add better wording from @rgacogne --- diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst index 0af916603..e7e3fb525 100644 --- a/pdns/recursordist/docs/settings.rst +++ b/pdns/recursordist/docs/settings.rst @@ -331,9 +331,11 @@ Queries to addresses for zones as configured in any of the settings `forward-zon - Comma separated list of netmasks - Default: 0.0.0.0/0, ::, !127.0.0.0/8, !10.0.0.0/8, !100.64.0.0/10, !169.254.0.0/16, !192.168.0.0/16, !172.16.0.0/12, !::1/128, !fc00::/7, !fe80::/10 -List of requestor netmasks for which the requestor IP Address should be used as the :rfc:`EDNS Client Subnet <7871>` for outgoing queries. Instead, `ecs-scope-zero-address`_ would be used. +List of requestor netmasks for which the requestor IP Address should be used as the :rfc:`EDNS Client Subnet <7871>` for outgoing queries. Outgoing queries for requestors that do not match this list will use the `ecs-scope-zero-address`_ instead. Valid incoming ECS values from `use-incoming-edns-subnet`_ are not replaced. +Regardless of the value of this setting, ECS values are only sent for outgoing queries matching the conditions in the `edns-subnet-whitelist`_ setting. This setting only controls the actual value being sent. + This defaults to not using the requestor address inside RFC1918 and similar "private" IP address spaces. .. _setting-ecs-ipv4-bits: