[dnsdist] dnsdist Action dependant on source IP and queried domain
Jacob Bunk Nielsen
jbn at one.com
Thu Feb 27 10:13:30 UTC 2020
On 27/02/2020 10.58, Jochen Demmer via dnsdist wrote:
> In your example queries from internal network are being redirected to
> the pool that can answer those.
Exactly.
>
>> addAction(AndRule({NetmaskGroupRule(internal_dns_ips, false),
>> NetmaskGroupRule(internal_network)}), PoolAction('internal_auth_pool'))
> But queries from internal network do not neccessarily ask only for
> internal zones, they might as well need recursion or maybe even the
> public pool.
But those queries should go to different IPs. So you give out a set of
IPs for recursion, another set of IPs for public auth zones and a third
set of IPs for internal zones.
> How can I handle that? Should the DNS server that the clients of the
> internal network use make the distinction between where normal recursive
> queries shall be sent to and where to send those who are private domains?
The clients should only talk to the recursive resolver, I guess?
Best regards,
Jacob
P.S. Jochen, sorry for writing to you directly - I wanted to answer on-list.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20200227/a79dde42/attachment.htm>
More information about the dnsdist
mailing list