[dnsdist] Range/mask for in-addr.arpa

[frank at kiwazo.be]

Hi Marki,

I am not familiar with the ACE term, but dnsdist doesn't know about classless in-addr.arpa addresses. So yes, I am afraid you'll need to specify them as you did.

Kind Regards,

Frank


> On 15 Jan 2025, at 18:04, Marki via dnsdist <dnsdist at mailman.powerdns.com> wrote:
> 
> Oh well,
> 
> I meant specifically concerning dnsdist of course.
> 
> I.e. instead of having to say
> 
> domains_1 = {
>  "16.172.in-addr.arpa",
>  "17.172.in-addr.arpa",
>  "18.172.in-addr.arpa",
> ...
> 
> in order to create an ACL for reverse lookup of private IP space for example,
> being able to somehow specify 172.16/12 in the ACE.
> 
> :)
> 
> Marki
> 
> 
> 
> On 2025-01-15 16:24, frank at kiwazo.be wrote:
>> Hi Marki,
>> There's no way to do this directly, but there is a way to work around
>> that issue. See RFC2317 https://datatracker.ietf.org/doc/html/rfc2317
>> as one way of implementing this.
>> I would advise against last suggestion (subnet.maskbitcount.something)
>> as this would make 10.0.0.0/12 and 10.100.0.0/12 and 10.200.0.0/23 in
>> confusingly different places. But YMMV.
>> Cheers,
>> Frank
>> Frank Louwers
>> Kiwazo
>> e: hello at kiwazo.be
>> m: +32 475 66 57 57
>>> On 15 Jan 2025, at 16:10, Marki via dnsdist
>>> <dnsdist at mailman.powerdns.com> wrote:
>>> Hello,
>>> Is it possible to create aggregated ACE for reverse zones?
>>> Like somehow
>>> <subnet>-<subnet mask bit count>.100.168.192.in-addr.arpa or
>>> <subnet>/<subnet mask bit count>.100.168.192.in-addr.arpa or
>>> <subnet>.<subnet mask bit count>.100.168.192.in-addr.arpa
>>> If yes, how?
>>> Thanks,
>>> Marki
>>> _______________________________________________
>>> dnsdist mailing list
>>> dnsdist at mailman.powerdns.com
>>> https://mailman.powerdns.com/mailman/listinfo/dnsdist
> 
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist