EDNS Client Subnet and Cache

[adrianmace]

Hey team,

Scenario: I run adguardhome on a public cloud instance and configure 4 households to make use of this for their DNS. They connect on public IPs.

Family 1: 179.x.y.z
Family 2: 202.x.y.z
Family 3: 186.x.y.z

Question: When I have Enable EDNS Client Subnet enabled and cache results, do the results get cached per ECS subnet or once globally.

Basically, In the above scenario, if Family 1 requested facebook.com and passed 179.x.y.0/24 as their ECS data up to the upstream, receiving a response based on that data, would it be cached for Family 2 and 3 as well (where that response may be sub-optimal?).

[dhcpserver]

Great question, curious to hear the answer.

In theory, you can't cache ECS responses because they could be different for each of your clients., I think on pihole if you have ecs enabled, you don't get caching.

It makes since. If one or your clients is in LA and one is in NYC, you wouldn't want them to get the regional CDN for Facebook. I don't think dns is going to maintain separate cache stores for each client.

You could crank up hour minimum ttl time to make the clients not query so much.

[timkgh]

You can definitely have privacy and caching with ECS:
https://medium.com/nextdns/how-we-made-dns-both-fast-and-private-with-ecs-4970d70401e5

[Harvester57]

Since I was asking the same question myself when I turned on optimistic caching, I'm curious to see the answer ! :) Ping @ainar-g

[ainar-g]

Apologies for the late response. AdGuard Home caches records in accordance with the ENDS0 client subnet and scope. That is, a client from a subnet should not receive items cached for a different subnet.

[Harvester57]

That's really good to hear, thanks ! And regarding optimistic caching, is the refresh also done with the cached subnet ?

[ainar-g]

As far as I know, yes. The optimistic cache also takes the client subnet into account.