[dnsdist] XDP/eBPF blocking (was dnsdist 1.7.0 released)

Klaus Darilion klaus.darilion at nic.at
Mon Jan 17 20:05:28 UTC 2022


Hi!
> Pierre Grié from Nameshield contributed an XDP program to reply to
> blocked UDP queries with a truncated response directly from the kernel,
> in a similar way to what we were already doing using eBPF socket
> filters. This version adds support for eBPF pinned maps, allowing
> dnsdist to populate the maps using our dynamic blocking mechanism, and
> letting the external XDP program do the actual blocking or response.

How does this work in detail? If example.com is on these lists (filtering or truncate response), will it also block www.example.com (and other subdomains) or only exactly the name on the list?

Thanks
Klaus

