Syntax for ECS ACL Entry
Evan Hunt
each at isc.org
Thu Sep 2 18:16:37 UTC 2021
> I did compile 9.16.20 from source since the latest in Debian repos is
> 9.16.15 but the result is the same. The doc snippet in my original email
> was from 9.11 docs -- could this feature not have been brought forward
> into 9.16 at all? The only related documented removed feature is
> geoip-use-ecs.

It was actually removed in 9.14:

4952.   [func]          Authoritative server support in named for the
                        EDNS CLIENT-SUBNET option (which was experimental
                        and not practical to deploy) has been removed.
                        The ECS option is still supported in dig and mdig
                        via the +subnet option, and can be parsed and logged
                        when received by named, but it is no longer used
                        for ACL processing. The "geoip-use-ecs" option
                        is now obsolete; a warning will be logged if it is
                        used in named.conf. "ecs" tags in an ACL definition
                        are also obsolete and will cause the configuration
                        to fail to load. [GL #32]

Sorry about the inadequate documentation. There's a mechanism for flagging
obsolete options in named.conf and logging a useful message about them, but
it's not so straightforward when the option is still valid but the
parameters have changed.

--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
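
Added example (not part of the original message and not ISC code): a pre-upgrade check that scans named.conf text for the two constructs the change entry above names, reporting "ecs" ACL elements as fatal (configuration fails to load) and "geoip-use-ecs" as a warning. The function names, the sample configuration and the assumed element form "ecs <address or prefix>;" are illustrative assumptions.

```python
import re

# Comments (/* */, //, #) or a quoted string; strings are matched so that
# comment markers inside them are left alone.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"(?:\\.|[^"\\])*"', re.S)
# Assumed element form: "ecs <address or prefix>;" inside an address match list.
ECS_ELEMENT = re.compile(
    r'(?<![\w.-])ecs\s+([0-9A-Fa-f:.]+/\d{1,3}|[0-9A-Fa-f:.]*[.:][0-9A-Fa-f:.]*)\s*;')
GEOIP_USE_ECS = re.compile(r'(?<![\w-])geoip-use-ecs(?![\w-])')

def strip_comments(text):
    """Blank out comments, keeping newlines so line numbers stay valid."""
    def blank(m):
        s = m.group(0)
        return s if s.startswith('"') else re.sub(r'[^\n]', ' ', s)
    return TOKEN.sub(blank, text)

def find_ecs_usage(conf_text):
    """Return sorted (line, severity, detail) tuples for ECS-related config."""
    text = strip_comments(conf_text)
    findings = []
    for m in ECS_ELEMENT.finditer(text):
        line = text.count('\n', 0, m.start()) + 1
        # Per the change entry: "ecs" tags make the configuration fail to load.
        findings.append((line, 'fatal', 'ecs ' + m.group(1)))
    for m in GEOIP_USE_ECS.finditer(text):
        line = text.count('\n', 0, m.start()) + 1
        # Per the change entry: obsolete option, only a warning is logged.
        findings.append((line, 'warning', 'geoip-use-ecs'))
    return sorted(findings)

# Constructed sample configuration (not from the thread).
SAMPLE = '''acl internal { 10.0.0.0/8; ecs 192.0.2.0/24; };
options {
    geoip-use-ecs yes;
    // ecs 203.0.113.0/24; (commented out, must not be flagged)
};
view "ecs" {
    match-clients { ecs 2001:db8::/32; };  /* ecs 198.51.100.0/24; */
};
'''

if __name__ == '__main__':
    for line, severity, detail in find_ecs_usage(SAMPLE):
        print(f'line {line}: {severity}: {detail}')
```

Files pulled in with "include" are not followed; run the check on each file separately.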