[dnsdist] Enabling cache for certain sources?

Fredrik Pettai pettai at sunet.se
Sun Apr 21 19:39:58 UTC 2024 

Thanks,

Perhaps that’s a better solution to have multiple groups to be able to increase all limits

Re,
/P

> On 19 Apr 2024, at 14:31, Frank Louwers <frank at tembo.be> wrote:
> 
> There's a typo in my earlier message:
> 
> 
>> dbr_regular:excludeRange("192.0.2.0/24") -- all but this cidr
>> 
>> dbr_relaxed:excludeRange("0/0") -- first remove them all
>> dbr_regular:includeRange("192.0.2.0/24") -- all but this cidr
>> 
> 
> 
> should have been:
> 
> dbr_regular:excludeRange("192.0.2.0/24") -- all but this cidr
> 
> dbr_relaxed:excludeRange("0/0") -- first remove them all
> dbr_relaxed:includeRange("192.0.2.0/24") -- all but this cidr
> 
> 
>> 
>> Frank Louwers
>> PowerDNS Certified Consultant @ Kiwazo.be
>> 
>> 
>> 
>> 
>> 
>>> On 19 Apr 2024, at 14:22, Fredrik Pettai via dnsdist <dnsdist at mailman.powerdns.com> wrote:
>>> 
>>> Hi,
>>> 
>>>> On 17 Apr 2024, at 08:52, Jacob Bunk Nielsen via dnsdist <dnsdist at mailman.powerdns.com> wrote:
>>>> 
>>>> Andreas Wili via dnsdist <dnsdist at mailman.powerdns.com> writes:
>>>> 
>>>>> Now, there are two servers on the network for which all DNS queries must
>>>>> not be cached.
>>>> 
>>>> Ahh, then you just do:
>>>> 
>>>> no_cache_ips = newNMG()
>>>> 
>>>> -- IPs of servers that shouldn't use the cache
>>>> no_cache_ips:addMask('192.0.2.1/32')
>>>> no_cache_ips:addMask('192.0.2.8/32')
>>>> 
>>>> addAction(NetmaskGroupRule(no_cache_ips, true), SetSkipCacheAction())
>>> 
>>> 
>>> Slightly OT, I wonder if it would be possible to reverse the suggested solution,
>>> to cache only queries from specific IPs and skip the caching "for the rest” ?
>>> 
>>> The reason for asking is that we have some external resolvers / NAT:ed clients that use our resolvers,
>>> and instead of using a excludeRange() to completely ignore those IPs, I’d rather would like to give
>>> them less restrictive DynBlock rules in some way.
>>> 
>>> (I interpreted that the DynBlockRulesGroup rules for queries that hit the cache doesn’t add to the counter(s)?
>>> Or has that changed in the recent versions? (https://dnsdist.org/reference/config.html#DynBlockRulesGroup))
>>> 
>>> Re,
>>> /P
>>> _______________________________________________
>>> dnsdist mailing list
>>> dnsdist at mailman.powerdns.com
>>> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20240421/d3a2ff55/attachment.sig>

More information about the dnsdist mailing list