On 08/03/2017 12:04 AM, Shawn Zhou wrote:
> I don't think that's the right behavior. If Client Subnet scope set to
> 0, resolver should not cache it.
> unbound DNS gives me the expected output as it cache has different
> entries for different client subnet. Why is pdns recursor's
> implementation different?

RFC 7871 states that a Client Subnet scope set to 0 should be cached and
is suitable for all networks in section 7.3.1:

  Records that are cached as /0 because of a query's SOURCE PREFIX-LENGTH
  of 0 MUST be distinguished from those that are cached as /0 because of
  a response's SCOPE PREFIX-LENGTH of 0. The former should only be used
  for other /0 queries that the Intermediate Resolver receives, but the
  latter is suitable as a response for all networks.

It also hints so in section 7.3:

  If no ECS option is contained in the response, the Intermediate
  Nameserver SHOULD treat this as being equivalent to having received a
  SCOPE PREFIX-LENGTH of 0, which is an answer suitable for all client
  addresses.

Section 11.2 also states:

  [...] to send a matching response with SCOPE PREFIX-LENGTH set to 0 to
  get it cached for all hosts.

I might of course be mistaken, but it seems to me that we are currently
doing the right thing.

-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
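
The cache distinction quoted above from RFC 7871 sections 7.3 and 7.3.1, as an added sketch that is not part of the original message and is not PowerDNS code. The class and method names are hypothetical, the cache is IPv4-only, and capping the cached prefix at the query's source length and serving only /0 entries to /0 queries are assumptions of the sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Entry:
    network: ipaddress.IPv4Network  # prefix the cached answer is valid for
    answer: str
    source_zero: bool  # cached as /0 because the *query* had SOURCE PREFIX-LENGTH 0

class EcsCache:
    """Hypothetical ECS-aware answer cache (illustration only)."""

    def __init__(self):
        self.entries = {}  # qname -> list of Entry

    def store(self, qname, client_ip, source_len, scope_len, answer):
        # No ECS option in the response is treated like scope 0 (section 7.3).
        if scope_len is None:
            scope_len = 0
        # Assumption: never cache more specifically than the prefix that was sent.
        plen = min(source_len, scope_len)
        net = ipaddress.ip_network(f"{client_ip}/{plen}", strict=False)
        self.entries.setdefault(qname, []).append(
            Entry(net, answer, source_zero=(source_len == 0)))

    def lookup(self, qname, client_ip, source_len):
        addr = ipaddress.ip_address(client_ip)
        best = None
        for e in self.entries.get(qname, []):
            if e.source_zero and source_len != 0:
                continue  # only reusable for other /0 queries (section 7.3.1)
            if source_len == 0 and e.network.prefixlen != 0:
                continue  # sketch choice: /0 queries never get tailored answers
            if addr not in e.network:
                continue
            if best is None or e.network.prefixlen > best.network.prefixlen:
                best = e  # longest matching prefix wins
        return best.answer if best else None

def build_demo_cache():
    # Constructed sample data using documentation address ranges.
    cache = EcsCache()
    cache.store("global.example.", "192.0.2.10", 24, 0, "A 203.0.113.1")
    cache.store("geo.example.", "192.0.2.10", 24, 24, "A 203.0.113.2")
    cache.store("optout.example.", "192.0.2.10", 0, 0, "A 203.0.113.3")
    return cache

if __name__ == "__main__":
    c = build_demo_cache()
    for name in ("global.example.", "geo.example.", "optout.example."):
        print(name, c.lookup(name, "198.51.100.7", 24))
```

A response with scope 0 is served to a client in an unrelated subnet, while the entry that is /0 only because the query opted out is not.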
