[dnsdist] Enabling cache for certain sources?

Fredrik Pettai pettai at sunet.se
Fri Apr 19 12:22:30 UTC 2024


Hi,

> On 17 Apr 2024, at 08:52, Jacob Bunk Nielsen via dnsdist <dnsdist at mailman.powerdns.com> wrote:
> 
> Andreas Wili via dnsdist <dnsdist at mailman.powerdns.com> writes:
> 
>> Now, there are two servers on the network for which all DNS queries must
>> not be cached.
> 
> Ahh, then you just do:
> 
> no_cache_ips = newNMG()
> 
> -- IPs of servers that shouldn't use the cache
> no_cache_ips:addMask('192.0.2.1/32')
> no_cache_ips:addMask('192.0.2.8/32')
> 
> addAction(NetmaskGroupRule(no_cache_ips, true), SetSkipCacheAction())


Slightly OT, I wonder if it would be possible to reverse the suggested solution,
 to cache only queries from specific IPs and skip the caching "for the rest” ?

The reason for asking is that we have some external resolvers / NAT:ed clients that use our resolvers,
and instead of using a excludeRange() to completely ignore those IPs, I’d rather would like to give
them less restrictive DynBlock rules in some way.

(I interpreted that the DynBlockRulesGroup rules for queries that hit the cache doesn’t add to the counter(s)?
Or has that changed in the recent versions? (https://dnsdist.org/reference/config.html#DynBlockRulesGroup))

Re,
/P
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20240419/3f5510aa/attachment.sig>


More information about the dnsdist mailing list