Re: [dnsdist] Whitelisting IP addresses with XDP filtering
Hi Rémi,

In the meantime you could exclude the range using [1] to make sure that this is really the root cause of your issue.

We already identified that dnsdist was the root cause by restarting dnsdist after it inserted the IP in the DynBlock and checking it was truncating new queries even after whitelisting. This led to the BPF map remaining unchanged (the IP was still in it, so queries were supposed to be TC but were whitelisted), and the new queries were not truncated anymore, as the DynBlock was empty on userspace side.

We might be able to get rid of that now, or at the very least we should make it optional.

That would really be a time-saver for us!

Best,
Pierre Grié
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

[dnsdist] Whitelisting IP addresses with XDP filtering
Hi,

I am currently working on an XDP BPF filter to work with dnsdist BPF maps which put the TC bit on packets from incoming IPs flagged by dnsdist, and I am trying to implement a whitelist system with an additional map that would contain IPs we would like to "whitelist" (i.e. which would be allowed to perform UDP queries even when flagged by dnsdist and put in the BPF map with the DNSAction.Truncate action).

The whitelisting mechanism works fine by itself, but it seems that when the whitelisted UDP query hits dnsdist after passing through the XDP filter, it is resent with the TC bit, thus forcing the client to retry with TCP. Is the DNSAction also enforced in userspace?

Regards
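
The two enforcement points discussed in this thread, as an added example that is not part of the original messages and is not dnsdist or XDP filter code: a small Python model in which a packet-filter stage consults a whitelist map before the block map, and a userspace stage keeps its own dynamic block list, as the reply reports. All function and map names are hypothetical, and the query bytes are constructed.

```python
import struct

QR, TC = 0x8000, 0x0200  # DNS header flag bits (RFC 1035)

def make_query(qid=0x1234):
    # Constructed sample query: "example.com IN A" with RD set.
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)

def set_flags(msg, bits):
    qid, flags = struct.unpack("!HH", msg[:4])
    return struct.pack("!HH", qid, flags | bits) + msg[4:]

def is_truncated(msg):
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & QR) and bool(flags & TC)

def filter_stage(src, query, block_map, whitelist_map):
    # Assumed order: the whitelist map is checked before the block map.
    if src not in whitelist_map and src in block_map:
        return "TX", set_flags(query, QR | TC)   # answered at the filter
    return "PASS", query                         # handed to userspace

def userspace_stage(src, query, dynblocks):
    # Model of the behaviour reported in the reply: userspace applies its
    # own dynamic block entry, independently of the filter's maps.
    if src in dynblocks:
        return set_flags(query, QR | TC)
    return set_flags(query, QR)                  # stand-in for a normal answer

def handle(src, block_map, whitelist_map, dynblocks):
    """Return (stage that answered, whether the answer has TC set)."""
    verdict, pkt = filter_stage(src, make_query(), block_map, whitelist_map)
    if verdict == "TX":
        return "filter", is_truncated(pkt)
    return "userspace", is_truncated(userspace_stage(src, pkt, dynblocks))

if __name__ == "__main__":
    client = "192.0.2.10"  # constructed documentation address
    # Flagged, not whitelisted: truncated at the filter.
    print(handle(client, {client}, set(), {client}))
    # Whitelisted in the filter, still flagged in userspace: still truncated.
    print(handle(client, {client}, {client}, {client}))
    # Block map unchanged, userspace list empty (after a restart): answered.
    print(handle(client, {client}, {client}, set()))
```
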