[dnsdist] Whitelisting IP addresses with XDP filtering
pierre.grie at nameshield.net
Tue Oct 4 15:59:31 UTC 2022
I am currently working on an XDP BPF filter to work with dnsdist BPF maps
which puts the TC bit on packets from incoming IPs flagged by dnsdist, and
I am trying to implement a whitelist system with an additional map that
would contain IPs we would like to "whitelist" (i.e. which would be
allowed to perform UDP queries even when flagged by dnsdist and put in
the BPF map with the DNSAction.Truncate action).
The whitelisting mechanism works fine by itself, but it seems that when
the whitelisted UDP query hits dnsdist after passing through the XDP
filter, it is resent with the TC bit, thus forcing the client to retry
with TCP. Is the DNSAction also enforced in userspace?
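
The lookup order described in the message above (whitelist map first, then the map of flagged sources), as an added example that is not part of the original post and is not dnsdist's own filter. It is a user-space C model of the XDP stage only: the names `filter_dns_udp`, `ip_key`, `in_map` and the verdict values are hypothetical, arrays stand in for the BPF maps, and it does not model what dnsdist does with a packet once it is passed up.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { PASS_TO_DNSDIST, TX_TRUNCATED };

/* Constructed sample: IPv4/UDP from 192.0.2.10 to 198.51.100.53:53, DNS header only. */
static const uint8_t SAMPLE_QUERY[40] = {
    0x45,0,0,40, 0,0,0,0, 64,17,0,0, 192,0,2,10, 198,51,100,53,
    0xc0,0x00, 0,53, 0,20, 0,0,
    0x12,0x34, 0x01,0x00, 0,0, 0,0, 0,0, 0,0 };

/* Map key: the IPv4 address bytes in network order. */
static uint32_t ip_key(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    uint8_t raw[4] = {a, b, c, d};
    uint32_t k;
    memcpy(&k, raw, 4);
    return k;
}

/* Linear search standing in for a BPF hash-map lookup. */
static int in_map(const uint32_t *map, size_t n, uint32_t key) {
    for (size_t i = 0; i < n; i++)
        if (map[i] == key) return 1;
    return 0;
}

/* pkt points at the IPv4 header; Ethernet and IPv6 handling are left out. */
enum verdict filter_dns_udp(uint8_t *pkt, size_t len,
                            const uint32_t *allow, size_t n_allow,
                            const uint32_t *flagged, size_t n_flagged) {
    if (len < 20 || (pkt[0] >> 4) != 4) return PASS_TO_DNSDIST;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || pkt[9] != 17 || len < ihl + 8 + 12) return PASS_TO_DNSDIST;
    uint8_t *udp = pkt + ihl, *dns = udp + 8, tmp[4];
    if (udp[2] != 0 || udp[3] != 53) return PASS_TO_DNSDIST;  /* not UDP dst port 53 */
    uint32_t src = ip_key(pkt[12], pkt[13], pkt[14], pkt[15]);
    if (in_map(allow, n_allow, src)) return PASS_TO_DNSDIST;  /* whitelist checked first */
    if (!in_map(flagged, n_flagged, src)) return PASS_TO_DNSDIST;
    /* Flagged and not whitelisted: turn the query into a truncated reply in place. */
    dns[2] |= 0x80 | 0x02;                          /* QR=1, TC=1 */
    memcpy(tmp, pkt + 12, 4); memcpy(pkt + 12, pkt + 16, 4); memcpy(pkt + 16, tmp, 4);
    memcpy(tmp, udp, 2); memcpy(udp, udp + 2, 2); memcpy(udp + 2, tmp, 2);
    udp[6] = udp[7] = 0;                            /* IPv4: UDP checksum 0 = unused */
    return TX_TRUNCATED;
}
```

A whitelisted source leaves this stage byte-for-byte unmodified, so capturing the packet between the XDP hook and dnsdist and checking the TC bit there shows which side set it.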