[dnsdist] dnsdist Action dependant on source IP and queried domain

Chris lists+pdns at gbe0.com
Thu Feb 27 08:28:57 UTC 2020


Hi,

On 27/2/20 4:13 pm, Jochen Demmer via dnsdist wrote:
> addAction(RegexRule(".internal\\.domain\\.net$"), PoolAction("privatezone"))
> 
> But this would need a second selector which would be this NMG thing. How
> can I combine that?

As with the previous reply from Jacob Bunk, I would suggest this is the 
wrong way to go about things. Ideally you would be running a separate 
dnsdist instance for authoritative zones from the recursor (they can be 
on the same host with no problems).

Anyway, to answer your question you may combine rules by using "AndRule" 
and "OrRule". As an example:

-- Create NMG for source IP's
trustedNMG = newNMG()
trustedNMG:addMask("10.0.0.0/8")
trustedNMG:addMask("172.16.0.0/12")
trustedNMG:addMask("192.168.0.0/16")
trustedNMG:addMask("fd12::/16")

addAction(AndRule({NetmaskGroupRule(trustedNMG),RegexRule(".internal\\.domain\\.net$")}), 
PoolAction("privatezone"))


More information about the dnsdist mailing list