[dnsdist] Negate Selector for NetmaskGroupRule
Jochen Demmer
jdemmer at relaix.net
Wed Feb 24 11:51:52 UTC 2021
Hi,
In the backend I've got a PowerDNS with PostgreSQL, and in front I plan to use dnsdist.
There are indeed zones that only specific clients should be allowed to query.
In order to achieve that, the list (about a year ago) suggested using something like this:
trustedNMG:addMask("1.2.3.4/32")
trustedNMG:addMask("2a00:fe10:33:102::/64")
addAction(AndRule({NetmaskGroupRule(trustedNMG),RegexRule(".intern\\.mydomain\\.net$")}), PoolAction("specificpool"))
Yet there is only one pool currently, which is my PowerDNS backend, which contains all zones.
Can I instead make a rule that sends something like NXDOMAIN for everybody except the source IPs given above?
I would need something like a negation, but can't find anything like that in the documentation:
addAction(AndRule({NetmaskGroupRule(!trustedNMG),RegexRule(".intern\\.mydomain\\.net$")}), SetNegativeAndSOAAction ( nxd)
Note the exclamation mark.
Thank you
Jochen Demmer
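
The negation asked about above, written with dnsdist's NotRule() selector, as an added example that is not part of the original post or of any list reply. The listen and backend addresses are placeholders, and SuffixMatchNodeRule and RCodeAction are substituted here for the post's RegexRule and SetNegativeAndSOAAction.

```lua
-- Added example, not from the original post.
setLocal("192.0.2.53:53")               -- assumed listen address (documentation range)
newServer({address="127.0.0.1:5300"})   -- assumed single PowerDNS backend in the default pool

-- Clients allowed to query the internal zone (masks taken from the post).
trustedNMG = newNMG()
trustedNMG:addMask("1.2.3.4/32")
trustedNMG:addMask("2a00:fe10:33:102::/64")

-- Label-aware, case-insensitive suffix match on the zone name from the post,
-- used in place of the post's RegexRule.
internalZones = newSuffixMatchNode()
internalZones:add(newDNSName("intern.mydomain.net."))

-- NotRule() inverts a selector. This rule matches internal names queried from
-- any source address that is NOT in trustedNMG and answers NXDOMAIN from
-- dnsdist itself, so the query never reaches the backend.
addAction(
  AndRule({
    SuffixMatchNodeRule(internalZones),
    NotRule(NetmaskGroupRule(trustedNMG))
  }),
  RCodeAction(DNSRCode.NXDOMAIN)
)

-- Every other query matches no rule and goes to the default pool.
```

Rules are evaluated in the order they are added, so this rule has to come before any rule that would send the same query to a pool.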