Thanks, Perhaps that’s a better solution to have multiple groups to be able to increase all limits
Re, /P > On 19 Apr 2024, at 14:31, Frank Louwers <fr...@tembo.be> wrote: > > There's a typo in my earlier message: > > >> dbr_regular:excludeRange("192.0.2.0/24") -- all but this cidr >> >> dbr_relaxed:excludeRange("0/0") -- first remove them all >> dbr_regular:includeRange("192.0.2.0/24") -- all but this cidr >> > > > should have been: > > dbr_regular:excludeRange("192.0.2.0/24") -- all but this cidr > > dbr_relaxed:excludeRange("0/0") -- first remove them all > dbr_relaxed:includeRange("192.0.2.0/24") -- all but this cidr > > >> >> Frank Louwers >> PowerDNS Certified Consultant @ Kiwazo.be >> >> >> >> >> >>> On 19 Apr 2024, at 14:22, Fredrik Pettai via dnsdist >>> <dnsdist@mailman.powerdns.com> wrote: >>> >>> Hi, >>> >>>> On 17 Apr 2024, at 08:52, Jacob Bunk Nielsen via dnsdist >>>> <dnsdist@mailman.powerdns.com> wrote: >>>> >>>> Andreas Wili via dnsdist <dnsdist@mailman.powerdns.com> writes: >>>> >>>>> Now, there are two servers on the network for which all DNS queries must >>>>> not be cached. >>>> >>>> Ahh, then you just do: >>>> >>>> no_cache_ips = newNMG() >>>> >>>> -- IPs of servers that shouldn't use the cache >>>> no_cache_ips:addMask('192.0.2.1/32') >>>> no_cache_ips:addMask('192.0.2.8/32') >>>> >>>> addAction(NetmaskGroupRule(no_cache_ips, true), SetSkipCacheAction()) >>> >>> >>> Slightly OT, I wonder if it would be possible to reverse the suggested >>> solution, >>> to cache only queries from specific IPs and skip the caching "for the rest” >>> ? >>> >>> The reason for asking is that we have some external resolvers / NAT:ed >>> clients that use our resolvers, >>> and instead of using a excludeRange() to completely ignore those IPs, I’d >>> rather would like to give >>> them less restrictive DynBlock rules in some way. >>> >>> (I interpreted that the DynBlockRulesGroup rules for queries that hit the >>> cache doesn’t add to the counter(s)? >>> Or has that changed in the recent versions? >>> (https://dnsdist.org/reference/config.html#DynBlockRulesGroup)) >>> >>> Re, >>> /P >>> _______________________________________________ >>> dnsdist mailing list >>> dnsdist@mailman.powerdns.com >>> https://mailman.powerdns.com/mailman/listinfo/dnsdist >> >
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist