[dnsdist] Whitelisting IP addresses with XDP filtering

Pierre Grié pierre.grie at nameshield.net
Wed Oct 5 07:30:58 UTC 2022

Hi Rémi,

> In the meantime you could exclude the range using [1] to make sure that 
> this is really the root cause of your issue.

We already identified that dnsdist was the root cause by restarting 
dnsdist after it inserted the IP in the DynBlock and checking it was 
truncating new queries event after whitelisting. This lead to the BPF 
map remaining unchagned (the IP was still in it, so queries were 
supposed to be TC but were whitelisted), and the new queries were not 
truncated anymore, as the DynBlock was empty on userspace side.

> We might be able to get rid of that now, or at the very least we should 
> make it optional.

That would really be a time-saver for us !


Pierre Grié
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20221005/ae14cb8e/attachment.htm>

More information about the dnsdist mailing list