[Pdns-users] ACL based on source IP

AJ McKee aj.mckee at druid-dns.com
Wed Mar 5 10:05:25 UTC 2014

Hi Andrea,

From your description it appears what you are looking to implement is something akin to BIND views.

This is not possible with a vanilla PDNS instance. However you could overcome this by using a custom backend, say in python that would search a different table space based on the client IP. It sounds difficult, but really its not, and a custom backend is a joyful learning experience. 

You could probably do it another way using recursor and multiple pens instances, but I am only guessing here, have never really used recursor. 

You could also use IPTABLES here as well, and direct the query to the inside/outside instance of PDNS (You can launch many instances on several different ports all accessing the same database, but you may want to use a custom SQL query if using MySQL as your backend). This may be handy when you want to scale out a little too. 

In short, no, but there are many ways to achieve what you want. 


AJ McKee

On 5 March 2014 at 10:27:41, Andrea Cappelli (a.cappelli at gmail.com) wrote:

I have a PowerDNS instance with many zones  

I would create an ACL on the IP from which the request came to  

1) reply a different value  
2) doesn't reply at all  

So for example for record foo.bar I can reply xxx.yyy.zzz.kkk if the  
request arrives from an internal server and deny if arrives from an  
external ip  

It's possible?  

Andrea Cappelli  

Pdns-users mailing list  
Pdns-users at mailman.powerdns.com  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20140305/f18c7cc2/attachment-0001.html>

More information about the Pdns-users mailing list