[dnsdist] dnsdist 1.7 : allow only A request

Jacob Bunk Nielsen jbn at one.com
Mon Mar 20 07:52:06 UTC 2023


Please keep the discussion on this list.

On 17/03/2023 16.37, david.neau at orange.com wrote:
> Hi Jacob,
>
> Here :
>
> [root@UAVARRDIJ01 ~]# cat /etc/dnsdist/dnsdist.conf
> -- DNSdist configuration file
>
> -- disable security status polling via DNS
> setSecurityPollSuffix("")
>
> -- world reachable
> setACL({'0.0.0.0/0', '::/0'})
>
> -- listen on
> setLocal('X.X.X.X')
>
> -- control socket on localhost
> controlSocket('127.0.0.1:5199')
> setConsoleACL('127.0.0.1/32')
> setKey('vr1zmw7JwKBN0hzk7n9vD69/SLkT+pl+Rb+crkiHYIM=')
>
> webserver("X.X.X.X:8081")
> -- webserver ("127.0.0.1:8081")
> setWebserverConfig({password="xxxx", apiKey="xxxxx", acl="0.0.0.0/0"})
>
> includeDirectory("/etc/dnsdist/conf.d")
>
> ==================================================================
>
> cat /etc/dnsdist/conf.d/myconf_dnsdit.conf
>
> setServerPolicy(wrandom)
>
> newServer({address="127.0.0.1:853", name="my_server", pool="local", qps=1000, order=1, weight=10, useClientSubnet=true})
>
> newServer({address="180.112.144.96", name="remote-server" , pool="remote", checkType="A", checkName="my_domain.fr" , qps=1500, order=1, weight=10 , useClientSubnet=true})
>
> addAction(
> NotRule (
> OrRule {QTypeRule(DNSQType.A), QTypeRule(DNSQType.AAAA)}
> ),
> AllowAction()
> )
>
>
> addAction({'toto.com'}, PoolAction("local"))
> addAction({'titi.com'}, PoolAction("remote-server"))

I suggest you look into my previous suggestion, that I made in this 
thread on the 13th of March. I think that would work better for you.

Best regards,

Jacob
