You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
coredns support EDNS0 client subnet (ECS) to forward dns requests with "real" client ip. But its cache module does not support it: coredns/coredns#1628
In a same node, pod A resolves domain with ECS (for test or cache pollution attack or other reasons) and other pods send DNS requests without ECS (normal scenario). The cache of node-local-dns will be polluted by pod A.
As a node-level "local" dns caching service, EDNS0 client subnet should be disabled, before coredns implements per-CIDR cache or supports caching for ECS.
The text was updated successfully, but these errors were encountered:
corednssupportEDNS0 client subnet (ECS)to forward dns requests with "real" client ip. But its cache module does not support it: coredns/coredns#1628In a same node, pod
Aresolves domain withECS(for test or cache pollution attack or other reasons) and other pods send DNS requests withoutECS(normal scenario). The cache of node-local-dns will be polluted by podA.As a node-level "local" dns caching service,
EDNS0 client subnetshould be disabled, before coredns implementsper-CIDR cacheor supports caching forECS.The text was updated successfully, but these errors were encountered: