[dnsdist] Rules and Whitelisting
Alejandro Adroher Mellado
alejandro.adroher at omniaccess.com
Wed Jun 29 07:20:31 UTC 2016
Hi all,
I’m dealing to the whitelisting using LUA in this way.
newserver (….)
….
whitelisted = newNMG()
whitelisted:addMask("xxx.xxx.xxx.xxx/xx ")
whitelisted:addMask("xxx.xxx.xxx.xxx/xx ")
whitelisted:addMask("xxx.xxx.xxx.xxx/xx")
function maintenance()
toBlock = exceedQRate(300, 10)
for k, v in pairs(toBlock) do
if (whitelisted:match(k))
then
toBlock[k] = nil
end
end
addDynBlocks(toBlock, "Exceeded query rate", 60)
end
So, my whitelisted IPS are protected to be blocked from dynamic block.
In the other side, I have a script which automatically add rules to dnsdist to forward queries from domains which respond with SERVFAIL, to the abuse pool.
Now, I’m looking for how to prevent that those rules do not affect the queries coming from these whitelisted IPs.
Maybe there is a better way to whitelist IPs.
Has anyone any knowledge about this stuff?
Dnsdist version : 1.0.0-1pdns.trusty
Thanks a lot.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20160629/328725b1/attachment.html>
More information about the dnsdist
mailing list