From ad87351802f0a75c81b373da6945762ea4b30628 Mon Sep 17 00:00:00 2001 From: MaxHearnden Date: Mon, 22 Sep 2025 01:21:18 +0100 Subject: [PATCH] Use RDRule in dnsdist example This would allow IP addresses with access to the recursive DNS server to also access the authoritative DNS server to e.g. perform zone transfers. Signed-off-by: MaxHearnden --- docs/guides/recursion.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/guides/recursion.rst b/docs/guides/recursion.rst index 8f747fd1f5..a9b9d10f79 100644 --- a/docs/guides/recursion.rst +++ b/docs/guides/recursion.rst @@ -207,12 +207,12 @@ This is where several settings from the existing Authoritative Server recursive_ips:addMask('NETWORKMASK1') -- These network masks are the ones from allow-recursion in the Authoritative Server recursive_ips:addMask('NETWORKMASK2') - addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor')) + addAction(AndRule({NetmaskGroupRule(recursive_ips), RDRule()}), PoolAction('recursor')) addAction(AllRule(), PoolAction('auth')) -This configuration will route all queries from the netmasks that are -allowed to do recursion to the Recursor and all other queries to the -Authoritative Server. +This configuration will route all recursive queries from the netmasks +that are allowed to do recursion to the Recursor and all other queries +to the Authoritative Server. 5. Restart the Authoritative Server, the Recursor and dnsdist ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- 2.47.3