[dns-operations] EDNS client-subnet best practice?
Chris Adams
cma at cmadams.net
Wed Jun 3 12:44:53 UTC 2020
What is considered current best practice for recursive servers on
enabling EDNS client-subnet?
I ask because I have a couple of recursive DNS servers at an independent
telephone company that are getting different answers for a certain large
website. The servers are in the same subnet, but one gets an IP
apparently in another country, while the other gets an IP in a nearby
state. The servers are configured identically (CentOS 7 with Unbound).
I emailed the website's NOC, and their response was that the issue was
that "Most likely the issue is due to EDNS not being turned on with your
DNS server." I assume they were talking about EDNS client-subnet
(because they then gave an example dig with +subnet set).
These servers are not configured to send client-subnet to anybody
(pretty much default Unbound config). They aren't serving clients from
outside the AS - I generally think of client-subnet as something you'd
use on a DNS server with a wide range of clients. Is it expected that I
should be enabling EDNS client-subnet on recursive servers?
I do have some recursive servers that have a large set of clients (where
client-subnet might be useful) - should I just enable it for all
requests? In Unbound terms, enable "client-subnet-always-forward"?
--
Chris Adams <cma at cmadams.net>
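The mechanics behind the question above, as an added example that is not code from the post or from Unbound: a small encoder/decoder for the EDNS Client Subnet option (RFC 7871, option code 8) plus the two resolver-side steps that matter operationally, truncating the client address to the prefix length you are willing to send upstream, and working out which prefix a returned answer may be cached for from the SCOPE PREFIX-LENGTH. All addresses below are constructed documentation-range samples; the /24 and /56 limits are the RFC 7871 privacy recommendation (which Unbound also uses as its max-client-subnet defaults).

```python
"""EDNS Client Subnet (ECS, RFC 7871) option encoder/decoder.

Constructed example: not code from the mailing-list post or from Unbound.
"""
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS0 OPTION-CODE assigned to Client Subnet
FAMILY_IPV4 = 1       # address family numbers from the IANA registry
FAMILY_IPV6 = 2


def truncate_for_privacy(client_ip: str, max_v4: int = 24, max_v6: int = 56) -> str:
    """Reduce a client address to the longest prefix the resolver will send upstream.

    /24 and /56 are the RFC 7871 privacy recommendation; sending the full
    address would hand every authoritative server the querying client's IP.
    """
    ip = ipaddress.ip_address(client_ip)
    limit = max_v4 if ip.version == 4 else max_v6
    return str(ipaddress.ip_network((ip, limit), strict=False))


def build_ecs_option(network: str, scope: int = 0) -> bytes:
    """Encode one ECS option (OPTION-CODE, OPTION-LENGTH, body) for an OPT RR.

    A query uses scope=0; a server echoes the query's source prefix and sets
    scope to the prefix length its answer actually depends on.
    """
    net = ipaddress.ip_network(network, strict=False)
    family = FAMILY_IPV4 if net.version == 4 else FAMILY_IPV6
    source = net.prefixlen
    # ADDRESS carries only ceil(SOURCE/8) bytes; network_address already has
    # every bit past the prefix zeroed, as the RFC requires.
    addr = net.network_address.packed[: (source + 7) // 8]
    body = struct.pack("!HBB", family, source, scope) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(data: bytes) -> dict:
    """Decode an ECS option from a query or response OPT RR.

    Raises ValueError on malformed input, including non-zero bits beyond
    SOURCE PREFIX-LENGTH, which a receiver must reject with FORMERR.
    """
    if len(data) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", data[:4])
    if code != ECS_OPTION_CODE:
        raise ValueError(f"not an ECS option (code {code})")
    body = data[4:4 + length]
    if len(body) != length or length < 4:
        raise ValueError("bad OPTION-LENGTH")
    family, source, scope = struct.unpack("!HBB", body[:4])
    addr = body[4:]
    if len(addr) != (source + 7) // 8:
        raise ValueError("ADDRESS length does not match SOURCE PREFIX-LENGTH")
    if family == FAMILY_IPV4:
        ip = ipaddress.IPv4Address(addr.ljust(4, b"\x00"))
    elif family == FAMILY_IPV6:
        ip = ipaddress.IPv6Address(addr.ljust(16, b"\x00"))
    else:
        raise ValueError(f"unknown FAMILY {family}")
    # strict=True makes ipaddress raise if any bit beyond the prefix is set
    net = ipaddress.ip_network((ip, source), strict=True)
    return {"family": family, "source_prefix": source,
            "scope_prefix": scope, "network": str(net)}


def cache_network(ecs: dict) -> str:
    """Prefix a resolver may cache the answer for, from a parsed response option.

    SCOPE 0 means the answer does not depend on client location at all (the
    authoritative server ignored ECS), so it is valid for the whole family.
    A scope longer than the prefix actually sent cannot be honoured with the
    bits available, so it is clamped to SOURCE here.
    """
    net = ipaddress.ip_network(ecs["network"])
    scope = min(ecs["scope_prefix"], ecs["source_prefix"])
    return str(ipaddress.ip_network((net.network_address, scope), strict=False))


if __name__ == "__main__":
    # Constructed client address: what a resolver would put in the query.
    query_opt = build_ecs_option(truncate_for_privacy("198.51.100.77"))
    print("query option :", query_opt.hex(), parse_ecs_option(query_opt))
    # Constructed response option: the server says its answer depends on /16.
    resp = parse_ecs_option(build_ecs_option("198.51.100.0/24", scope=16))
    print("cache answer for:", cache_network(resp))
```

A practical use of the decoder: run a `dig +subnet` style query against the website's authoritative servers from each of the two resolvers and look at the SCOPE PREFIX-LENGTH that comes back. A scope of 0 means the answer does not vary by client subnet, so ECS cannot explain the different IPs; a non-zero scope shows how much client-address detail the service is actually keying its answers on, and also how finely the resolver cache will be fragmented if the option is sent on every query.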