[Pdns-users] Remote backend docs

Mike Cardwell pdns at lists.grepular.com
Mon Dec 5 13:23:18 UTC 2016 

* on the Mon, Dec 05, 2016 at 02:25:08PM +0200, Aki Tuomi wrote:

>>> scopeMask = how many bits of requestor IP was used to produce this
>>> result. this should 0 unless you are using the client's (real) IP
>>> somehow to come up with the answer, and if you do, how many bits of the
>>> value was used. 128 (v6) or 32 (v4) means you used up the whole IP, 0
>>> means no bits were used.
>> This sounds like it will work if I want to for example return a different
>> A record depending on the source IP address. However, what if I want to
>> return a specific A record for some source IPs, and *no* A record for
>> other IPs? How do I set a scopeMask on an empty response?
> 
> Set scopeMask = 0 when you are not using it. There are two kinds of
> empty responses,
> 
> 1. No such domain at all (i have no idea what this domain is)
> 
> You return false.
> 
> 2. No such record (for requested type, or at all)
> 
> You return empty array. If you are asked for ANY or SOA you can reply
> with domain SOA. I am not 100% sure what you should do in your use case,
> but I guess I would check if you can return 1 here if your known values
> are above or below x.x.x.x/1 OR something::/1 and client's IP is on this
> half, so it can cache half the internet. Otherwise you should return 128
> or 32 to be sure.

So for an IPv4 client querying an A record for www.example.com I can do
the following and it will not be cached for any other IP:

[
  {
    qtype:     'A',
    qname:     'www.example.com.',
    content:   '1.2.3.4',
    scopeMask: 32,       
  }
]

But then if a different client comes along and makes the same request and
I want to respond with nothing, I have to return an empty array:

[]

But then if the first client comes back again, it will get the "nothing
response" too, as that wasn't given a scopeMask. Because you can not apply
a scopeMask to an empty response by doing something like:

[
  {
    scopeMask: 32
  }
]

?

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: Digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20161205/6d86f3f8/attachment.sig>

More information about the Pdns-users mailing list