From: MaxHearnden <MaxHearnden@users.noreply.github.com>
Date: Mon, 22 Sep 2025 00:21:18 +0000 (+0100)
Subject: Use RDRule in dnsdist example
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ad87351802f0a75c81b373da6945762ea4b30628;p=thirdparty%2Fpdns.git

Use RDRule in dnsdist example

This would allow IP addresses with access to the recursive DNS server to also access the authoritative DNS server to e.g. perform zone transfers.

Signed-off-by: MaxHearnden <MaxHearnden@users.noreply.github.com>
---

diff --git a/docs/guides/recursion.rst b/docs/guides/recursion.rst
index 8f747fd1f..a9b9d10f7 100644
--- a/docs/guides/recursion.rst
+++ b/docs/guides/recursion.rst
@@ -207,12 +207,12 @@ This is where several settings from the existing Authoritative Server
     recursive_ips:addMask('NETWORKMASK1') -- These network masks are the ones from allow-recursion in the Authoritative Server
     recursive_ips:addMask('NETWORKMASK2')
 
-    addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
+    addAction(AndRule({NetmaskGroupRule(recursive_ips), RDRule()}), PoolAction('recursor'))
     addAction(AllRule(), PoolAction('auth'))
 
-This configuration will route all queries from the netmasks that are
-allowed to do recursion to the Recursor and all other queries to the
-Authoritative Server.
+This configuration will route all recursive queries from the netmasks
+that are allowed to do recursion to the Recursor and all other queries
+to the Authoritative Server.
 
 5. Restart the Authoritative Server, the Recursor and dnsdist
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^