[dnsdist] Negate Selector for NetmaskGroupRule
Remi Gacogne
remi.gacogne at powerdns.com
Mon May 31 10:22:58 UTC 2021
Hi Jochen,
On 5/27/21 10:24 AM, Jochen Demmer via dnsdist wrote:
> I wasn't able to figure out the right syntax of NegativeAndSOAAction
> that's why I went with DNSRCode.
What is it that you could not figure out, so we can improve the
documentation? You have an example in our regression tests, in the
TestAdvancedNegativeAndSOA class [1].
> If I understand things correctly every single DNS query will trigger
> RegexRule, makeRule and NetmaskGroupRule check. Will this slow
> things down? If so, is there a better approach?
Rules that are part of a "AndRule" are lazily evaluated in order, so we
will only evaluate the regex and makeRule ones if the NetmaskGroupRule
did not match. I guess in your case most queries will not match any of
the rules, though, but NetmaskGroupRule and makeRule (which internally
does a SuffixMatchRule match) are very fast, so I would move the regex
rule last and focus on making the regular expression fast :)
[1]:
https://github.com/PowerDNS/pdns/blob/master/regression-tests.dnsdist/test_Advanced.py#L1845
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
More information about the dnsdist
mailing list