[dnsdist] dnsdist 1.7 : allow only A request
Jacob Bunk Nielsen
jbn at one.com
Mon Mar 13 05:40:43 UTC 2023
On 10/03/2023 09.21, david n via dnsdist wrote:
> I tried to explicitly deny the most current DNS requests like for ex :
>
> -- refused query type :
> addAction(QTypeRule(dnsdist.ANY), DropAction())
> addAction(QTypeRule(dnsdist.SOA), DropAction())

With dnsdist 1.4 (as far as I remember) those names for the various
query types changed, so dnsdist.ANY became DNSQType.ANY.

For your particular case of only wanting to serve A and AAAA records I
would probably just do (untested):

    addAction(
      NotRule(OrRule({QTypeRule(DNSQType.A), QTypeRule(DNSQType.AAAA)})),
      RCodeAction(DNSRCode.REFUSED))

With all the warnings that Stephane already gave you about why this is a
bad idea.

You can replace RCodeAction(DNSRCode.REFUSED) with DropAction() if you
don't even want to reply with a REFUSED response.

Best regards,
Jacob
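
The allow-list decision from the reply above, modelled on wire-format queries as an added example (not part of the original post and not dnsdist code). The function names, the sample queries and the layout of the REFUSED reply are constructed for illustration; dnsdist does the real matching itself.

```python
import struct

QTYPE = {"A": 1, "SOA": 6, "AAAA": 28, "ANY": 255}
ALLOWED = {QTYPE["A"], QTYPE["AAAA"]}  # mirrors OrRule({QTypeRule(A), QTypeRule(AAAA)})
REFUSED = 5                            # DNS RCODE 5

def build_query(name, qtype, qid=0x1234):
    """Constructed sample input: a one-question DNS query with RD set."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN

def question_end(packet):
    """Offset just past the first question; ValueError if malformed."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("need a header and exactly one question")
    pos = 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in QNAME")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(packet):
        raise ValueError("truncated QTYPE/QCLASS")
    return pos + 4

def apply_policy(packet, drop=False):
    """Return ("pass", None), ("drop", None) or ("refused", response_bytes)."""
    end = question_end(packet)
    qtype = struct.unpack("!H", packet[end - 4:end - 2])[0]
    if qtype in ALLOWED:
        return "pass", None
    if drop:  # the DropAction() variant: no reply at all
        return "drop", None
    qid, flags = struct.unpack("!HH", packet[:4])
    flags = 0x8000 | (flags & 0x7900) | REFUSED  # QR=1, keep opcode and RD
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    return "refused", header + packet[12:end]  # echo the question section
```
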