[dnsdist] Whitelisting IP addresses with XDP filtering
Pierre Grié
pierre.grie at nameshield.net
Wed Oct 5 07:30:58 UTC 2022
Hi Rémi,
> In the meantime you could exclude the range using [1] to make sure that
> this is really the root cause of your issue.
We already identified that dnsdist was the root cause by restarting
dnsdist after it inserted the IP in the DynBlock and checking it was
truncating new queries event after whitelisting. This lead to the BPF
map remaining unchagned (the IP was still in it, so queries were
supposed to be TC but were whitelisted), and the new queries were not
truncated anymore, as the DynBlock was empty on userspace side.
> We might be able to get rid of that now, or at the very least we should
> make it optional.
That would really be a time-saver for us !
Best,
Pierre Grié
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20221005/ae14cb8e/attachment.htm>
More information about the dnsdist
mailing list