Hi Isaac,
I believe this message comes from running unbound-checkconf.
The message there was less clear than running unbound itself; I have
synced both messages now to make more sense:
https://github.com/NLnetLabs/unbound/commit/5dd14e26443a3801eea1e04cd650822183fe4762
The error is there because the subnetcache module is not compiled in by
default.
If you want to compile it you need to use '--enable-subnet' in your
./configure line.
With all that said, are you sure ECS is going to help in your use case?
ECS is only useful when the resolver and the clients are on different
regions; think open public resolvers.
If that is not your use case and instead Unbound is close to the clients
it serves, ECS will hamper performance for no real benefit.
As for ECS and privacy concerns, you can read the ECS section in the
manpage or also online at
https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#edns-client-subnet-module-options
for the latest version.
Unbound by default masks /24 for IPv4 and /56 for IPv6 (the max-client-*
options).
Performance is impacted because of the extra caching functionality ECS
imposes (cache per IP network segments), and the singularity of the
client queries since different networks may yield different responses
for the same query. That means queries that could have been aggregated
without ECS because they have the same question, with ECS they are
treated as separate queries because their client information may yield
different results.
Best regards,
-- Yorgos
On 05/05/2025 12:35, sir izake via Unbound-users wrote:
Dear All,
I have Unbound 1.20 DNS recursive resolver. I intend to enable ECS to
improve geo-location response to CDN resources.
Unfortunately, i got below error after i enabled subnetcache in modules
module-config: "respip validator subnetcache iterator"
fatal error: module_conf lists module 'subnetcache' but that module is
not available
How do I get this to work?
If anyone has successfully set this up in their environment, how did you
minimize exposure to users IP info. Did you observe any performance
related issues?
Warm regards
Isaac
