[dnsdist] Rules and Whitelisting

Alejandro Adroher Mellado alejandro.adroher at omniaccess.com
Wed Jun 29 07:20:31 UTC 2016

Hi all,

I’m handling the whitelisting using Lua in this way:
newServer(….)
whitelisted = newNMG()
whitelisted:addMask("xxx.xxx.xxx.xxx/xx")
whitelisted:addMask("xxx.xxx.xxx.xxx/xx")
function maintenance()
    -- clients that exceeded 300 queries/s over the last 10 seconds
    toBlock = exceedQRate(300, 10)
    for k, v in pairs(toBlock) do
        -- remove whitelisted clients from the set to be blocked
        if whitelisted:match(k) then
            toBlock[k] = nil
        end
    end
    addDynBlocks(toBlock, "Exceeded query rate", 60)
end

So, my whitelisted IPs are protected from being blocked by the dynamic block.
On the other side, I have a script which automatically adds rules to dnsdist to forward queries from domains which respond with SERVFAIL to the abuse pool.

Now, I’m looking for a way to prevent those rules from affecting the queries coming from these whitelisted IPs.

Maybe there is a better way to whitelist IPs.

Has anyone any knowledge about this stuff?

Dnsdist version : 1.0.0-1pdns.trusty

Thanks a lot.

