<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Markus,<div class=""><br class=""></div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Nov 13, 2020, at 11:33 AM, Markus Ehrlicher via dnsdist <<a href="mailto:dnsdist@mailman.powerdns.com" class="">dnsdist@mailman.powerdns.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Hello together,<o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I have dnsdist in Version 1.5.1 installed and are successfully using some rules for blocking/slowing down queries for some subdomains:<o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">addAction(RegexRule(".*\\.subdomain\\.example\\.org$"), ERCodeAction(DNSRCode.SERVFAIL))<o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">addAction(RegexRule(".*\\.?example\\.org$"), QPSAction(10))</div></div></div></blockquote><div><br class=""></div><div>You don't need to use a RegexRule, you can just do something like this:</div><div><br class=""></div><div>addAction("<a href="http://subdomain.example.org" class="">subdomain.example.org</a> ", DropAction()) (or whatever other action you want to do).</div><blockquote type="cite" class=""><div class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">But now, I have a little more complicated task: I want to block all queries for *.<a href="http://example.org/" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">example.org</a>, except<span class="Apple-converted-space"> </span><a href="http://subdomain1.example.org/" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">subdomain1.example.org</a><span class="Apple-converted-space"> </span>and<span class="Apple-converted-space"> </span><a href="http://subdomain2.example.org/" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">subdomain2.example.org</a>.<o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I tried it with some Online Regex-Tools (<a href="https://regex101.com/r/Y2sXP8/3" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">https://regex101.com/r/Y2sXP8/3</a>), but these rule is not accepted by dnsdist. I know that the incasesensitive-flag isn’t needed in dnsdist, but this was for testing. Is there a good documentation about the regex escpecially for dnsdist or is my problem not solvable with dnsdist regex?<o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div></div></div></blockquote><br class=""></div></div><div>The first action that matches, will be executed. So if you first add the domains that should get trough (assign them to a pool for instance), then then the action that should block / servfail / tc=1 / rate limit. / .... you should be fine.</div><div><br class=""></div><div>Kind Regards,</div><div><br class=""></div><div>Frank Louwers</div><div><br class=""></div></body></html>