Oh well,

I meant specifically concerning dnsdist of course.

I.e. instead of having to say

domains_1 = {
  "16.172.in-addr.arpa",
  "17.172.in-addr.arpa",
  "18.172.in-addr.arpa",
...

in order to create an ACL for reverse lookup of private IP space for example,
being able to somehow specify 172.16/12 in the ACE.

:)

Marki
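
The expansion written out by hand in the message above, as an added example that is not part of the thread or of dnsdist itself: a plain-Lua helper (the name `reverse_zones` is hypothetical) that turns an IPv4 CIDR into the octet-boundary in-addr.arpa names covering it, so the table can be generated in the dnsdist configuration file instead of typed. It assumes a full dotted quad, i.e. 172.16.0.0/12 rather than 172.16/12.

```lua
-- Added example: expand an IPv4 CIDR into the in-addr.arpa suffixes covering it.
-- Plain Lua 5.1 / LuaJIT, no dnsdist API calls; reverse_zones is a hypothetical name.
local function reverse_zones(cidr)
  local a, b, c, d, len = cidr:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)/(%d+)$")
  if not a then
    error("expected a.b.c.d/len, got: " .. tostring(cidr))
  end
  local octets = { tonumber(a), tonumber(b), tonumber(c), tonumber(d) }
  len = tonumber(len)
  if len > 32 then error("prefix length out of range: " .. len) end
  for _, o in ipairs(octets) do
    if o > 255 then error("octet out of range: " .. o) end
  end

  local full = math.floor(len / 8)  -- octets fixed entirely by the prefix
  local rem = len % 8               -- prefix bits that fall inside the next octet

  -- Suffix shared by every zone: the fixed octets in reverse order.
  local tail = "in-addr.arpa"
  for i = 1, full do
    tail = octets[i] .. "." .. tail
  end
  if rem == 0 then
    return { tail }  -- prefix ends on an octet boundary: a single zone
  end

  -- Otherwise enumerate every value the partially covered octet can take.
  local span = 2 ^ (8 - rem)
  local first = octets[full + 1] - (octets[full + 1] % span)  -- clear host bits
  local zones = {}
  for v = first, first + span - 1 do
    zones[#zones + 1] = string.format("%d.%s", v, tail)
  end
  return zones
end

-- Same variable name as in the message; holds 16.172.in-addr.arpa
-- through 31.172.in-addr.arpa.
local domains_1 = reverse_zones("172.16.0.0/12")
print(#domains_1, domains_1[1], domains_1[#domains_1])
```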



On 2025-01-15 16:24, fr...@kiwazo.be wrote:
Hi Marki,

There's no way to do this directly, but there is a way to work around
that issue. See RFC2317 https://datatracker.ietf.org/doc/html/rfc2317
as one way of implementing this.

I would advise against the last suggestion (subnet.maskbitcount.something)
as this would make 10.0.0.0/12 and 10.100.0.0/12 and 10.200.0.0/23 in
confusingly different places. But YMMV.

Cheers,

Frank

Frank Louwers
Kiwazo

e: he...@kiwazo.be
m: +32 475 66 57 57

On 15 Jan 2025, at 16:10, Marki via dnsdist
<dnsdist@mailman.powerdns.com> wrote:

Hello,

Is it possible to create an aggregated ACE for reverse zones?

Like somehow
<subnet>-<subnet mask bit count>.100.168.192.in-addr.arpa or
<subnet>/<subnet mask bit count>.100.168.192.in-addr.arpa or
<subnet>.<subnet mask bit count>.100.168.192.in-addr.arpa

If yes, how?

Thanks,
Marki
_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
