* on the Mon, Dec 05, 2016 at 02:25:08PM +0200, Aki Tuomi wrote: >>> scopeMask = how many bits of requestor IP was used to produce this >>> result. this should 0 unless you are using the client's (real) IP >>> somehow to come up with the answer, and if you do, how many bits of the >>> value was used. 128 (v6) or 32 (v4) means you used up the whole IP, 0 >>> means no bits were used. >> This sounds like it will work if I want to for example return a different >> A record depending on the source IP address. However, what if I want to >> return a specific A record for some source IPs, and *no* A record for >> other IPs? How do I set a scopeMask on an empty response? > > Set scopeMask = 0 when you are not using it. There are two kinds of > empty responses, > > 1. No such domain at all (i have no idea what this domain is) > > You return false. > > 2. No such record (for requested type, or at all) > > You return empty array. If you are asked for ANY or SOA you can reply > with domain SOA. I am not 100% sure what you should do in your use case, > but I guess I would check if you can return 1 here if your known values > are above or below x.x.x.x/1 OR something::/1 and client's IP is on this > half, so it can cache half the internet. Otherwise you should return 128 > or 32 to be sure.
So for an IPv4 client querying an A record for www.example.com I can do
the following and it will not be cached for any other IP:
[
{
qtype: 'A',
qname: 'www.example.com.',
content: '1.2.3.4',
scopeMask: 32,
}
]
But then if a different client comes along and makes the same request and
I want to respond with nothing, I have to return an empty array:
[]
But then if the first client comes back again, it will get the "nothing
response" too, as that wasn't given a scopeMask. Because you can not apply
a scopeMask to an empty response by doing something like:
[
{
scopeMask: 32
}
]
?
--
Mike Cardwell https://grepular.com https://emailprivacytester.com
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: Digital signature
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
