From fb2c0e4dcb1c55518ddfc3273f9043b4974c10f8 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Tue, 10 Sep 2024 09:39:36 +0200 Subject: [PATCH] dnsdist: Apply Otto's suggestions to the documentation Co-authored-by: Otto Moerbeek --- pdns/dnsdistdist/docs/advanced/zero-scope.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pdns/dnsdistdist/docs/advanced/zero-scope.rst b/pdns/dnsdistdist/docs/advanced/zero-scope.rst index fe31e0036ddb..dbce6d368483 100644 --- a/pdns/dnsdistdist/docs/advanced/zero-scope.rst +++ b/pdns/dnsdistdist/docs/advanced/zero-scope.rst 
@@ -1,7 +1,7 @@ EDNS Client Subnet Zero Scope ================================== -As described in :doc:`Passing the source address to the backend `, :program:`dnsdist` can add an ``EDNS`` Client Subnet option to an incoming query to provide the downstream server with the address of the client talking to it. The downstream server can then potentially use this knowledge to reply with a response that has been tailored for this specific client, and should not be served to any other client. By default :program:`dnsdist` ensures that such a response is only served to intended client from its internal packet cache, including the added ``EDNS`` Client Subnet option in the data that is hashed to compute the cache key. This is the safest option, but is not optimal because some responses were not actually tied to a specific client and could have been used for all of them. The downstream server can signal this by setting the scope in the ``EDNS`` Client Subnet option included in the response. +As described in :doc:`Passing the source address to the backend `, :program:`dnsdist` can add an ``EDNS`` Client Subnet option to an incoming query to provide the downstream server with the address of the client talking to it. The downstream server can then potentially use this knowledge to reply with a response that has been tailored for this specific client, and should not be served to any other client. By default :program:`dnsdist` ensures that such a response is only served to intended client from its internal packet cache, including the added ``EDNS`` Client Subnet option in the data that is hashed to compute the cache key. This is the safest option, but is not optimal because some responses were not actually tied to a specific client subnet and could have been used for all of them. The downstream server can signal this by setting the scope in the ``EDNS`` Client Subnet option included in the response. 
This is where the zero-scope feature comes to play, allowing :program:`dnsdist` to parse and detect that a response sent by the backend has a scope value set to ``0``, indicating that the answer is not specific to a given client subnet and can be used for all of them. :program:`dnsdist` will then store the answer in its packet cache using the initial query as the key, before the ``EDNS`` Client Subnet option has been added.
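
Review bot: The changed sentence now says "tied to a specific client subnet", but earlier sentences of the same paragraph still say "tailored for this specific client", "any other client" and "only served to intended client", so the paragraph mixes per-client and per-subnet wording. Consider aligning those phrases with the new wording, so that "could have been used for all of them" has a clear referent, and add the missing article in "served to intended client" ("the intended client") while this line is being touched. The trailing context line also reads "comes to play", which should be "comes into play".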