[dnsdist] print the ip address that match a Packet Actions

antoine blin antoine.blin at gandi.net
Fri Oct 1 08:06:53 UTC 2021


Hi Remi

Thank you for your TIP. It works.

Antoine

On 28/09/2021 11:27, Remi Gacogne via dnsdist wrote:
> Hi Antoine,
>
> On 9/27/21 14:00, antoine blin via dnsdist wrote:
>> I'm using the rule : "addAction(MaxQPSIPRule(5), DropAction())" and 
>> I'm wondering if it is possible to see, through the console API or 
>> other API, the list of subnet in which rate limit rule is applied.
>
> Not directly, I'm afraid, but you could work something out by setting 
> a tag when that rule matches, then trigger a LogAction [1] and finally 
> a DropAction when the tag is set. Something like (untested, but you 
> should get the idea):
>
> addAction(MaxQPSIPRule(5), SetTagAction("max-qpsip-rule", "match"))
> addAction(TagRule("max-qpsip-rule", "match"), 
> LogAction('/path/to/dnsdist.log'))
> addAction(TagRule("max-qpsip-rule", "match"), DropAction())
>
> Note that this works because LogAction does not stop the processing of 
> subsequent rules, as most actions do.
>
> [1]: https://dnsdist.org/rules-actions.html#LogAction
>
> Best regards
>
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20211001/e9063747/attachment.htm>


More information about the dnsdist mailing list