[dnsdist] can dns responses be changed or suppressed ( E.g. suppress A records for all internal IPs) ?
Remi Gacogne
remi.gacogne at powerdns.com
Mon Jun 11 08:09:55 UTC 2018
Hi Andreas,
On 06/07/2018 03:47 PM, Balg, Andreas wrote:
> I've read quite a lot about dnsdist but I could not figure out how and
> if it would also be possible to run dnsdist in order to "rewrite" or
> suppress dns query RESPONSES?
>
> In short: I'd like to suppress e.g. any A record that contains internal
> IPs from the private IP space in order to hide internal topology better
> from outside clients without the need to run and maintain multiple
> instances of a single dns-zone for internal or external "view".
>
> The most interesting part would be to achieve the same for AXFR
> requests to external slaves so we could "mirror" our internal DNS zones
> to an external slave operated by a cloud DNS service provider for
> maximum stability.
>
> Did anybody do sth. like that before? Do you guys consider this a
> feasible approach at all? Are there any examples of config-files for
> dnsdist how to achieve such a thing?
I'm afraid not. We try hard to limit the parsing of responses to a
minimum in dnsdist for performance reasons, and we don't have the
ability to alter records. For simple cases you might be able to get away
with generating answers directly from dnsdist, but you won't be able to
selectively remove part of an existing answer.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
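
An added example, not part of the thread and not PowerDNS's own configuration: one way to generate answers directly in dnsdist for queries from outside clients, the workaround the reply mentions for simple cases. All names, addresses and client ranges are constructed placeholders, and the `DNSRCode` constant name assumes dnsdist 1.4 or later.

```lua
-- dnsdist.conf sketch (added example; every name and address is a placeholder)
setLocal("192.0.2.53:53")
newServer({address="10.0.0.53:53", name="internal-auth"})

-- Source ranges treated as internal clients (assumption: RFC 1918 space).
local internalClients = newNMG()
internalClients:addMask("10.0.0.0/8")
internalClients:addMask("172.16.0.0/12")
internalClients:addMask("192.168.0.0/16")

-- Matches any query whose source address is NOT in the internal ranges.
local fromOutside = NotRule(NetmaskGroupRule(internalClients))

-- Subtree whose records point only at private addresses.
local internalOnly = newSuffixMatchNode()
internalOnly:add(newDNSName("corp.example.com."))

-- 1. A name that has both an internal and a public address: outside
--    clients get the public address, generated by dnsdist itself, so the
--    backend's answer with the private address is never sent to them.
addAction(
  AndRule({fromOutside, QNameRule("www.example.com.")}),
  SpoofAction("198.51.100.10")
)

-- 2. Names that exist only internally: outside clients get NXDOMAIN
--    from dnsdist and the query never reaches the backend.
addAction(
  AndRule({fromOutside, SuffixMatchNodeRule(internalOnly)}),
  RCodeAction(DNSRCode.NXDOMAIN)
)

-- Everything else falls through to the backend unchanged.
```

These rules act on whole queries before they reach the backend; they do not strip individual records out of a backend response, which is the limitation described in the reply.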