From 9f421b03e4707003270b5de2075baa9bb0f0e139 Mon Sep 17 00:00:00 2001 From: Chris Hofstaedtler Date: Sat, 6 Jan 2018 15:21:50 +0100 Subject: [PATCH] ecs-add-for: add better wording from @rgacogne --- pdns/recursordist/docs/settings.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst index 0af916603..e7e3fb525 100644 --- a/pdns/recursordist/docs/settings.rst +++ b/pdns/recursordist/docs/settings.rst @@ -331,9 +331,11 @@ Queries to addresses for zones as configured in any of the settings `forward-zon - Comma separated list of netmasks - Default: 0.0.0.0/0, ::, !127.0.0.0/8, !10.0.0.0/8, !100.64.0.0/10, !169.254.0.0/16, !192.168.0.0/16, !172.16.0.0/12, !::1/128, !fc00::/7, !fe80::/10 -List of requestor netmasks for which the requestor IP Address should be used as the :rfc:`EDNS Client Subnet <7871>` for outgoing queries. Instead, `ecs-scope-zero-address`_ would be used. +List of requestor netmasks for which the requestor IP Address should be used as the :rfc:`EDNS Client Subnet <7871>` for outgoing queries. Outgoing queries for requestors that do not match this list will use the `ecs-scope-zero-address`_ instead. Valid incoming ECS values from `use-incoming-edns-subnet`_ are not replaced. +Regardless of the value of this setting, ECS values are only sent for outgoing queries matching the conditions in the `edns-subnet-whitelist`_ setting. This setting only controls the actual value being sent. + This defaults to not using the requestor address inside RFC1918 and similar "private" IP address spaces. .. _setting-ecs-ipv4-bits: -- 2.40.0