Client-Subnet Support for 1.1.1.1

dns-resolver
#1

When will Cloudflare support CDN optimizations with client-subnet?

#2

For the time being never. This was a deliberate decision.

3 Likes
#3

1.1.1.1 supports client-subnet for .mil domains (so they are not resolved on 1.1.1.1 if a request comes from for example Russia or Vietnam).
So it is implemented.
It would be nice if any webmaster could opt-in their domains for client-subnet support.

#4

Are you for real?! .mil blocks requests from Russia :roll_eyes:

And yes, they do.

#5

Precisely speaking, they block requests from Western Russia (I tried many AS)
From Siberia it works fine.
And they know the source subnet of the request when there is Cloudflare in the middle.
I conclude that client-subnet is enabled for them

#6

Attempting to resolve a .mil domain via Yandex does result in a timeout. Good Christ, paranoia on a new level :roll_eyes:

But yes, that would suggest Cloudflare does process the client information for at least a subset of TLDs.
@cloonan?

#7

Yandex is a bad example to follow. It is heavily broken (blocked in Ukraine, etc).

And yes, we are about the feature request, about making the existing feature available to other domain/zone owners.

#8

Broken? It works fine for me, whether the Ukraine actively blocks them is a different story.

My point was to underline that .mil domains do ignore requests from Russian addresses.

#9

Well that and for the time being you’ll “never” support client-subnetting