Hi,

Quite new to using dnsdist, but I have been using the PowerDNS authoritative server for a while. With a redesign we put dnsdist (1.5.0-rc2) in front of the nameservers. Working fine, but we have some issues with the notify, which is working fine if I use 1 IP in the ruleset, but I can't figure out how to get it working with 2 IPs. Most likely it is my inexperience with the config, but I can't find a good example. So I hope someone can help me out.
I've added the following:

```
> addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("192.168.0.0/24"))}), RCodeAction(DNSRCode.REFUSED))
> showRules()
#   Matches Rule                                       Action
0         0 (opcode==4) && (!(Src: 192.168.0.0/24))    set rcode 5
```

It's working fine. It blocks requests that do not have source 192.168.0.0/24 and allows notifies from that block. However, if I want to add a second IP / range, I can't seem to get it to work. I've added the '' between the IPs, otherwise it will just ignore the rest behind the comma in the rule. But from this point it is blocking all the notifies I've sent, even from the IPs that are listed in the rules.

```
> addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("'192.168.0.0/24','10.100.100.10/32'"))}), RCodeAction(DNSRCode.REFUSED))
> showRules()
#   Matches Rule                                                                  Action
0         0 (opcode==4) && (!(qname in '192.168.0.0/24','10.100.100.10/32'.))     set rcode 5
```

I noticed the difference between `qname` and `Src:`, but I have no idea how to make this work with both set. I tried options like creating an ACL, which I found in an example, but this gives me syntax errors:

```
notifyACLs={"192.168.0.0/24", "10.100.100.10/32"}
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule(notifyACLs))}), RCodeAction(DNSRCode.REFUSED))
```

So most likely I am missing something obvious, but I hope someone can help me on the way.

Kind regards,

- Rene
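
An added example, not part of the original post and not the dnsdist project's own configuration: one way to write the NOTIFY allow-list for both sources, building an explicit NetmaskGroup so the rule matches on the source address instead of being parsed as a qname. The variable name `notifySources` is an assumption; the two ranges are the ones given in the post.

```lua
-- Sources that are allowed to send NOTIFY (ranges taken from the post).
-- 'notifySources' is a hypothetical name chosen for this example.
notifySources = newNMG()
notifySources:addMask("192.168.0.0/24")
notifySources:addMask("10.100.100.10/32")

-- Refuse NOTIFY (opcode 4) from every source that is NOT in the group.
-- The second argument 'true' tells NetmaskGroupRule to match on the
-- source address of the query (this is also the default).
addAction(
  AndRule({
    OpcodeRule(DNSOpcode.Notify),
    NotRule(NetmaskGroupRule(notifySources, true))
  }),
  RCodeAction(DNSRCode.REFUSED)
)
```

After loading it, `showRules()` should display the rule as a `Src:` match, like the single-range rule in the post, rather than as `qname in ...`.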