Hi Klaus,

On 7/12/19 10:34 AM, Klaus Darilion wrote:
> I have a ruleset with several whitelists (AllowAction) and ratelimit
> (MaxQPSRule+DropAction).
>
> Now, independent of these rules I would like to use different backend
> pools. But now I have a problem as PoolAction() immediately forwards the
> request and my blacklist/whitelist rules are not handled anymore.
>
> Moving the pool selection after the black/whitelist also does not work
> as the whitelist sends immediately to the default pool.
>
> Hence, I suggest a PoolAction() without implicit AllowAction, for
> example PoolActionSetOnly() or PoolActionContinue() to set the pool for
> a request but continue in the rules processing.

Perhaps the AndRule[1] operator could help here?

```
rule1 = MaxQPSRule(...)
rule2 = SomeOtherRule()
addAction(AndRule{rule1, rule2}, PoolAction(...))
```

We use this in our own setups:

```
allowed_axfr_addresses_rule = makeRule({'192.0.2.1', '2001:DB8::1'})

-- Deny AXFR from anything but the allowed addresses
addAction(
  AndRule({
    OrRule({
      QTypeRule(DNSQType.AXFR),
      QTypeRule(DNSQType.IXFR),
    }),
    NotRule(allowed_axfr_addresses_rule)
  }),
  RCodeAction(DNSRCode.REFUSED)
)
```

This way, with the rules correctly ordered, you should be able to achieve your goal.

If you could provide the mailing list with your current config and a description of what exactly you're trying to do, we would be able to judge if what you're asking for is indeed a new feature that could be implemented.

Cheers,

Pieter

1 - https://dnsdist.org/rules-actions.html#AndRule

--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
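
An added example, not part of the original thread and not PowerDNS's own configuration, of the rule ordering suggested in the reply, applied to the whitelist, rate-limit and pool-selection case from the quoted question. The addresses, pool name, zone and limit are constructed placeholders, and MaxQPSIPRule is used for the per-client limit in place of the MaxQPSRule named in the question.

```lua
-- Constructed dnsdist configuration: every address, pool name, zone and
-- limit below is a placeholder chosen for illustration.

-- Backends: the default pool plus a second, hypothetical 'internal' pool.
newServer({address = '192.0.2.53:53'})
newServer({address = '192.0.2.54:53', pool = 'internal'})

-- Hypothetical client groups and zone.
local blocked       = makeRule({'198.51.100.66/32'})
local trusted       = makeRule({'198.51.100.0/25', '2001:db8:1::/48'})
local internal_zone = makeRule({'corp.example.'})

-- 1. Terminal deny rules go first, so no later action can bypass them.
addAction(blocked, DropAction())

-- 2. Rate limit every client that is NOT trusted. Combining NotRule and
--    AndRule expresses the whitelist as an exception to the drop rule,
--    so no AllowAction is needed and trusted queries keep flowing
--    through the remaining rules instead of leaving for the default pool.
addAction(
  AndRule({
    NotRule(trusted),
    MaxQPSIPRule(20),   -- matches clients exceeding 20 queries per second
  }),
  DropAction()
)

-- 3. Pool selection goes last. PoolAction ends rule processing for the
--    queries it matches, but by this point every filter above has
--    already been evaluated for them.
addAction(internal_zone, PoolAction('internal'))

-- Queries that match none of the rules are sent to the default pool.
```

Running `showRules()` on the dnsdist console lists the rules in evaluation order with per-rule match counters, which confirms that the drop rules sit ahead of the pool selection.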