Hi, On 05/10/2022 09:30, Pierre Grié via dnsdist wrote:
In the meantime you could exclude the range using [1] to make sure that this is really the root cause of your issue.We already identified that dnsdist was the root cause by restarting dnsdist after it inserted the IP in the DynBlock and checking it was truncating new queries event after whitelisting. This lead to the BPF map remaining unchagned (the IP was still in it, so queries were supposed to be TC but were whitelisted), and the new queries were not truncated anymore, as the DynBlock was empty on userspace side.
Great.
We might be able to get rid of that now, or at the very least we should make it optional.That would really be a time-saver for us !
I opened a feature request ticket to track this at [1]. I tentatively set the milestone to 1.8.0 but I'm not sure I will have the time to look into this quickly. If you, or someone else, wants to tackle it and open a pull request I think the second option I listed in the ticket should be fairly straight-forward to implement.
[1]: https://github.com/PowerDNS/pdns/issues/12061 Cheers, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist