[dnsdist] Range/mask for in-addr.arpa
Marki
dnsdist at lists.roth.lu
Wed Jan 15 17:04:59 UTC 2025
Oh well,
I meant specifically concerning dnsdist of course.
I.e. instead of having to say
domains_1 = {
"16.172.in-addr.arpa",
"17.172.in-addr.arpa",
"18.172.in-addr.arpa",
...
in order to create an ACL for reverse lookup of private IP space for
example,
being able to somehow specify 172.16/12 in the ACE.
:)
Marki
On 2025-01-15 16:24, frank at kiwazo.be wrote:
> Hi Marki,
>
> There's no way to do this directly, but there is a way to work around
> that issue. See RFC2317 https://datatracker.ietf.org/doc/html/rfc2317
> as one way of implementing this.
>
> I would advise against last suggestion (subnet.maskbitcount.something)
> as this would make 10.0.0.0/12 and 10.100.0.0/12 and 10.200.0.0/23 in
> confusingly different places. But YMMV.
>
> Cheers,
>
> Frank
>
> Frank Louwers
> Kiwazo
>
> e: hello at kiwazo.be
> m: +32 475 66 57 57
>
>> On 15 Jan 2025, at 16:10, Marki via dnsdist
>> <dnsdist at mailman.powerdns.com> wrote:
>>
>> Hello,
>>
>> Is it possible to create aggregated ACE for reverse zones?
>>
>> Like somehow
>> <subnet>-<subnet mask bit count>.100.168.192.in-addr.arpa or
>> <subnet>/<subnet mask bit count>.100.168.192.in-addr.arpa or
>> <subnet>.<subnet mask bit count>.100.168.192.in-addr.arpa
>>
>> If yes, how?
>>
>> Thanks,
>> Marki
>> _______________________________________________
>> dnsdist mailing list
>> dnsdist at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/dnsdist
More information about the dnsdist
mailing list