[dnsdist] Regex-Question

Markus Ehrlicher Markus.Ehrlicher at komsa.de
Fri Nov 13 12:28:42 UTC 2020


Hi Frank,

Thanks for your fast response. The thing with the "whitelist" pool works like a charm – thanks for this ☺

For both of my existing rules, the regex has the behavior that queries for "*.subdomain.example.org" should be blocked, but "subdomain.example.org" itself is an existing domain and should be handled normally. Background: we had a big amount of queries "testing" massively all possible (and impossible) (sub-)subdomains for this subdomain. That is why we first came up with the idea of using dnsdist to relax the load on our PowerDNS servers (they nearly went down) ☺

Best regards,
Markus


From: dnsdist <dnsdist-bounces at mailman.powerdns.com> On Behalf Of Frank Louwers via dnsdist
Sent: Friday, 13 November 2020 11:45
To: dnsdist at mailman.powerdns.com
Subject: Re: [dnsdist] Regex-Question

Hi Markus,

On Nov 13, 2020, at 11:33 AM, Markus Ehrlicher via dnsdist <dnsdist at mailman.powerdns.com> wrote:

Hello together,

I have dnsdist in version 1.5.1 installed and am successfully using some rules for blocking/slowing down queries for some subdomains:

addAction(RegexRule(".*\\.subdomain\\.example\\.org$"), ERCodeAction(DNSRCode.SERVFAIL))
addAction(RegexRule(".*\\.?example\\.org$"), QPSAction(10))

You don't need to use a RegexRule, you can just do something like this:

addAction("subdomain.example.org", DropAction()) (or whatever other action you want to do).

But now I have a slightly more complicated task: I want to block all queries for *.example.org, except subdomain1.example.org and subdomain2.example.org.
I tried it with some online regex tools (https://regex101.com/r/Y2sXP8/3), but this rule is not accepted by dnsdist. I know that the case-insensitive flag isn't needed in dnsdist, but this was for testing. Is there good documentation about the regex especially for dnsdist, or is my problem not solvable with dnsdist regex?


The first action that matches will be executed. So if you first add the domains that should get through (assign them to a pool for instance), then the action that should block / servfail / tc=1 / rate limit / ..., you should be fine.

Kind Regards,

Frank Louwers
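
The ordering approach from Frank's reply, written out as a dnsdist configuration. This is an added example, not part of the original thread: the backend addresses are placeholders from the documentation range, and the `strictlyBelow` helper (a hypothetical name) that spares the parent name is this example's own choice rather than something proposed in the thread.

```lua
-- Added example, not from the thread. Backend addresses are placeholders
-- (192.0.2.0/24 documentation range); the pool name follows the thread.
newServer({address="192.0.2.10:53"})                     -- default pool
newServer({address="192.0.2.11:53", pool="whitelist"})   -- pool for exempted names

-- Rules are evaluated in the order they are added, so exceptions come first.
-- A string (or list of strings) passed to addAction is a suffix match: the
-- name itself and everything below it. PoolAction routes the query and ends
-- rule processing, so the blocking rule below never sees these names.
addAction({"subdomain1.example.org", "subdomain2.example.org"},
          PoolAction("whitelist"))

-- Hypothetical helper: match names strictly below `zone`, not `zone` itself.
-- This is the non-regex counterpart of a pattern such as
-- ".*\\.subdomain\\.example\\.org$", which blocks the children of a name
-- while leaving the name itself to be handled normally.
local function strictlyBelow(zone)
  return AndRule({makeRule(zone), NotRule(QNameRule(zone))})
end

-- Everything else below example.org gets SERVFAIL. The apex example.org
-- (its SOA, NS and MX lookups) is not matched and goes to the default pool.
-- Use addAction("example.org", ...) instead if the apex should be blocked too.
addAction(strictlyBelow("example.org"), ERCodeAction(DNSRCode.SERVFAIL))
```

After loading the configuration, `showRules()` in the dnsdist console lists the rules in evaluation order with their match counters, which confirms that the exemption sits above the block.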
