Hi Marki, I am not familiar with the ACE term, but dnsdist doesn't know about classless in-addr.arpa addresses. So yes, I am afraid you'll need to specify them as you did.
Kind Regards, Frank > On 15 Jan 2025, at 18:04, Marki via dnsdist <[email protected]> > wrote: > > Oh well, > > I meant specifically concerning dnsdist of course. > > I.e. instead of having to say > > domains_1 = { > "16.172.in-addr.arpa", > "17.172.in-addr.arpa", > "18.172.in-addr.arpa", > ... > > in order to create an ACL for reverse lookup of private IP space for example, > being able to somehow specify 172.16/12 in the ACE. > > :) > > Marki > > > > On 2025-01-15 16:24, [email protected] wrote: >> Hi Marki, >> There's no way to do this directly, but there is a way to work around >> that issue. See RFC2317 https://datatracker.ietf.org/doc/html/rfc2317 >> as one way of implementing this. >> I would advise against last suggestion (subnet.maskbitcount.something) >> as this would make 10.0.0.0/12 and 10.100.0.0/12 and 10.200.0.0/23 in >> confusingly different places. But YMMV. >> Cheers, >> Frank >> Frank Louwers >> Kiwazo >> e: [email protected] >> m: +32 475 66 57 57 >>> On 15 Jan 2025, at 16:10, Marki via dnsdist >>> <[email protected]> wrote: >>> Hello, >>> Is it possible to create aggregated ACE for reverse zones? >>> Like somehow >>> <subnet>-<subnet mask bit count>.100.168.192.in-addr.arpa or >>> <subnet>/<subnet mask bit count>.100.168.192.in-addr.arpa or >>> <subnet>.<subnet mask bit count>.100.168.192.in-addr.arpa >>> If yes, how? >>> Thanks, >>> Marki >>> _______________________________________________ >>> dnsdist mailing list >>> [email protected] >>> https://mailman.powerdns.com/mailman/listinfo/dnsdist > > _______________________________________________ > dnsdist mailing list > [email protected] > https://mailman.powerdns.com/mailman/listinfo/dnsdist _______________________________________________ dnsdist mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/dnsdist
