[dnsdist] Whitelisting IP addresses with XDP filtering
Remi Gacogne
remi.gacogne at powerdns.com
Wed Oct 5 08:01:06 UTC 2022
Hi,
On 05/10/2022 09:30, Pierre Grié via dnsdist wrote:
>> In the meantime you could exclude the range using [1] to make sure that
>> this is really the root cause of your issue.
>
> We already identified that dnsdist was the root cause by restarting
> dnsdist after it inserted the IP in the DynBlock and checking it was
> truncating new queries even after whitelisting. This led to the BPF
> map remaining unchanged (the IP was still in it, so queries were
> supposed to be TC but were whitelisted), and the new queries were not
> truncated anymore, as the DynBlock was empty on userspace side.
Great.
>> We might be able to get rid of that now, or at the very least we should
>> make it optional.
>
> That would really be a time-saver for us!
I opened a feature request ticket to track this at [1]. I tentatively
set the milestone to 1.8.0 but I'm not sure I will have the time to look
into this quickly.
If you, or someone else, wants to tackle it and open a pull request I
think the second option I listed in the ticket should be fairly
straight-forward to implement.
[1]: https://github.com/PowerDNS/pdns/issues/12061
Cheers,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/