On 10/03/2023 09.21, david n via dnsdist wrote:
I tried to explicitly deny the most current DNS requests like for ex :

-- refused query type :
        addAction(QTypeRule(dnsdist.ANY), DropAction())
        addAction(QTypeRule(dnsdist.SOA), DropAction())

With dnsdist 1.4 (as far as I remember) those names for the various query types changed, so dnsdist.ANY became DNSQType.ANY.

For your particular case of only wanting to serve A and AAAA records I would probably just do (untested):

addAction( NotRule(OrRule({QTypeRule(DNSQType.A),QTypeRule(DNSQType.AAAA)})), RCodeAction(DNSRCode.REFUSED))

With all the warnings that Stephane already gave you about why this is a bad idea.

You can replace RCodeAction(DNSRCode.REFUSED) with DropAction() if you don't even want to reply with a REFUSED response.

Best regards,

Jacob


_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Reply via email to