git.ipfire.org Git - thirdparty/pdns.git/commit
dnsdist: Subnets excluded from dynamic rules should not count towards thresholds [16881/head]
author: Remi Gacogne <remi.gacogne@powerdns.com>
  Fri, 13 Feb 2026 13:45:43 +0000 (14:45 +0100)
committer: Remi Gacogne <remi.gacogne@powerdns.com>
  Fri, 13 Feb 2026 14:08:34 +0000 (15:08 +0100)
commit: c3d55a0f576bf851d14dfa81aef32c9652fe73ce
tree: 17f887438ba458bad423951eb802b6c5004f7e9c
parent: 2993da41061589776f018d505a55cd1dde7fa4fd

dnsdist: Subnets excluded from dynamic rules should not count towards thresholds

Until now we only looked at whether a subnet was excluded from dynamic rules
when deciding to insert a block. This introduced an issue when the dynamic
rules were configured to group clients into subnets via the `setMasks` directive,
because then queries received from an excluded client were still counted towards
the thresholds for the final subnet. For example, when grouping IPv4 clients
into `/24` subnets and excluding `192.0.2.1`, we would end up blocking the
whole `192.0.2.0/24` subnet if the number of queries or responses received
from `192.0.2.1` was over the threshold.
From now on excluded subnets will no longer count toward the thresholds.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
pdns/dnsdistdist/dnsdist-dynblocks.cc
pdns/dnsdistdist/dnsdist-settings-definitions.yml
pdns/dnsdistdist/docs/reference/config.rst
pdns/dnsdistdist/test-dnsdistdynblocks_hh.cc
regression-tests.dnsdist/test_DynBlocksGroup.py
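
A simplified model of the counting change described in the commit message, added here as an illustration; it is not dnsdist code. The function names, the threshold, the `/64` IPv6 grouping and the sample traffic are all constructed for the example.

```python
import ipaddress
from collections import Counter

def group_key(client, v4_mask=24, v6_mask=64):
    """Truncate a client address to the subnet it is grouped into."""
    addr = ipaddress.ip_address(client)
    mask = v4_mask if addr.version == 4 else v6_mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def covered(net, excluded):
    """True when `net` lies entirely inside one of the excluded ranges."""
    return any(net.version == ex.version and net.subnet_of(ex) for ex in excluded)

def blocked_subnets(clients, excluded, threshold, count_excluded):
    """Return the grouped subnets that would be blocked.

    count_excluded=True models the behaviour before the change: every query
    is counted and the exclusion list is consulted only at insertion time.
    count_excluded=False models the behaviour after the change: queries from
    excluded clients never reach the per-subnet counters.
    """
    excluded = [ipaddress.ip_network(e) for e in excluded]
    counts = Counter()
    for client in clients:
        host = ipaddress.ip_network(client)  # single-address /32 or /128
        if not count_excluded and covered(host, excluded):
            continue
        counts[group_key(client)] += 1
    # Insertion-time check, present in both models: the grouped subnet itself
    # is not inside the exclusion list when only one of its hosts is excluded.
    return sorted(str(net) for net, n in counts.items()
                  if n > threshold and not covered(net, excluded))

# Constructed traffic: one busy excluded resolver, one quiet neighbour in the
# same /24, and one unrelated noisy client that should still be blocked.
SAMPLE = ["192.0.2.1"] * 50 + ["192.0.2.7"] * 3 + ["198.51.100.9"] * 50
EXCLUDED = ["192.0.2.1/32"]

if __name__ == "__main__":
    print("before:", blocked_subnets(SAMPLE, EXCLUDED, 20, count_excluded=True))
    print("after: ", blocked_subnets(SAMPLE, EXCLUDED, 20, count_excluded=False))
```
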