[dnsdist] Regex-Question

Frank Louwers frank+pdns at tembo.be
Fri Nov 13 10:45:06 UTC 2020


Hi Markus,



> On Nov 13, 2020, at 11:33 AM, Markus Ehrlicher via dnsdist <dnsdist at mailman.powerdns.com> wrote:
> 
> Hello together,
>  
> I have dnsdist in version 1.5.1 installed and am successfully using some rules for blocking/slowing down queries for some subdomains:
>  
> addAction(RegexRule(".*\\.subdomain\\.example\\.org$"), ERCodeAction(DNSRCode.SERVFAIL))
> addAction(RegexRule(".*\\.?example\\.org$"), QPSAction(10))

You don't need to use a RegexRule, you can just do something like this:

addAction("subdomain.example.org", DropAction()) (or whatever other action you want to do).
>  
> But now, I have a little more complicated task: I want to block all queries for *.example.org, except subdomain1.example.org and subdomain2.example.org.
> I tried it with some online regex tools (https://regex101.com/r/Y2sXP8/3), but this rule is not accepted by dnsdist. I know that the case-insensitive flag isn't needed in dnsdist, but this was for testing. Is there good documentation about regex especially for dnsdist, or is my problem not solvable with dnsdist regex?
>  

The first action that matches will be executed. So if you first add the domains that should get through (assign them to a pool for instance), then the action that should block / servfail / tc=1 / rate limit / ..., you should be fine.

Kind Regards,

Frank Louwers
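
Added example, not part of the message above and not taken from the dnsdist project: a dnsdist Lua configuration fragment for the ordering described in the reply, with the two exceptions added before the block rule. AllowAction and RCodeAction are the actions chosen here as an assumption; the names are the placeholders used in this thread.

```lua
-- Added example for a dnsdist 1.5.x configuration file.
-- Rules are evaluated in the order they were added; the first rule that
-- matches and carries a terminal action ends evaluation for that query.

-- 1. Exceptions first. A string (or table of strings) selector is a
--    suffix match, so this also covers names below subdomain1/subdomain2,
--    e.g. www.subdomain1.example.org.
--    AllowAction() lets the query through to the backend and stops
--    further rule processing, so the block rule below is never reached.
addAction({"subdomain1.example.org", "subdomain2.example.org"}, AllowAction())

-- 2. Everything else at or below example.org is answered with SERVFAIL.
--    The suffix match includes the apex "example.org" itself, not only
--    *.example.org.
addAction("example.org", RCodeAction(DNSRCode.SERVFAIL))

-- Equivalent single-rule form, for setups where rule order is hard to
-- control (rules added from several included files). Use it instead of
-- the two rules above, not in addition to them:
--
-- addAction(
--   AndRule({
--     makeRule("example.org"),
--     NotRule(makeRule({"subdomain1.example.org", "subdomain2.example.org"}))
--   }),
--   RCodeAction(DNSRCode.SERVFAIL)
-- )
```

On the dnsdist console, showRules() lists the rules in evaluation order together with per-rule match counts, which confirms that the exception rule sits above the block rule and is the one being hit.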
