[dnsdist] drop reverse lookups
Jonathan Reed
jreed777 at gmail.com
Fri Aug 3 15:26:48 UTC 2018
Thanks, and what about for entire CIDR blocks? Is there a shorthand for
entire *.10.in-addr space?
> addAction("10.0.0.0/8", DropAction())
> showRules()
# Matches Rule Action
0 0 Src: 10.0.0.0/8 drop
Here it wants to match the source of the query, but I'm interested in
blocking the destination lookup.
I tried this but it does not block the request.
> addAction('*.10.in-addr.arpa', DropAction())
> showRules()
# Matches Rule Action
0 0 qname==*.10.in-addr.arpa. drop
Thanks!
On Fri, Aug 3, 2018 at 4:18 AM, Remi Gacogne <remi.gacogne at powerdns.com>
wrote:
> Hi Jonathan,
>
> On 08/02/2018 11:09 PM, Jonathan Reed wrote:
> > The docs say to drop lookups for domains like this
> >
> > addAction('example.com', DropAction())
> >
> >
> > Is this also the best way to drop reverse lookups?
> >
> > addAction('1.1.10.in-addr.arpa', DropAction())
>
> Yes, that's probably the easiest way to do it.
>
>
> Best regards,
> --
> Remi Gacogne
> PowerDNS.COM BV - https://www.powerdns.com/
>
>
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20180803/42f7c9c3/attachment.html>
More information about the dnsdist
mailing list