[dnsdist] Only answer queries for subdomain from certain IPs?

Jason Bailey JBailey at emerytelcom.com
Mon Jun 22 17:04:46 UTC 2020


So I want to put dnsdist in front of all of my recursor and my auth servers and make sure that a given subdomain basically only exists when queried by a given IP or set of IPs.

For example, suppose I have the subdomain my.example.com. If a client from my allowed list queries dnsdist for my.example.com, it passes it through to the recursor or auth server (whatever makes sense for that given circumstance) and returns the answer accordingly. If, on the other hand, a client that isn't on my allowed list happens to query dnsdist for that same subdomain, dnsdist responds to the client that the domain my.example.com doesn't exist and subsequently does not pass it through to recursor or auth.  If it's for any other subdomain (ftp.example.com or whatever), dnsdist should just pass it through as usual and let recursor or auth handle it as it would.

Can dnsdist do that effectively? If so, how would I go about it?

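One way to express the policy asked about above in dnsdist's Lua configuration, as an added example that is not part of the original message. The backend addresses, pool names and client ranges are assumptions chosen for illustration.

```lua
-- dnsdist.conf (Lua). Added example; every address and pool name below
-- is a placeholder, not a value from the original message.

-- Backends (assumed): one recursor and one authoritative server.
newServer({address="127.0.0.1:5301", pool="recursor"})
newServer({address="127.0.0.1:5300", pool="auth"})

-- Clients allowed to see the restricted subdomain (documentation ranges).
local allowed = newNMG()
allowed:addMask("192.0.2.0/24")
allowed:addMask("2001:db8:10::/48")

-- Names to hide: my.example.com and everything below it.
local restricted = newSuffixMatchNode()
restricted:add(newDNSName("my.example.com."))

-- Rule 1: restricted name AND source not in the allowed set -> NXDOMAIN.
-- dnsdist answers this itself, so the query never reaches a backend.
-- Rules are evaluated in order, so this must precede the routing rules.
addAction(
  AndRule({
    SuffixMatchNodeRule(restricted),
    NotRule(NetmaskGroupRule(allowed))
  }),
  RCodeAction(DNSRCode.NXDOMAIN)
)

-- Rule 2: normal routing. example.com (including my.example.com for
-- allowed clients, and ftp.example.com for everyone) goes to auth;
-- all other names go to the recursor.
local authZones = newSuffixMatchNode()
authZones:add(newDNSName("example.com."))
addAction(SuffixMatchNodeRule(authZones), PoolAction("auth"))
addAction(AllRule(), PoolAction("recursor"))
```

The source match is only as good as the address dnsdist sees: queries relayed through another forwarder or a NAT device arrive with that device's address, so the allowed list has to be written in terms of what actually reaches dnsdist.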

