.. code-block:: Lua
addProxyMapping("127.0.0.0/24", "203.0.113.1")
- addProxyMapping("10.0.0.0/8", "203.0.113.2")
+ domains = { "example.com", "example.net" }
+ addProxyMapping("10.0.0.0/8", "203.0.113.2", domains)
The following function is available to configure table based proxy mapping.
By default, the address *before* mapping ``S`` is used for internal logging and ``Protobuf`` messages.
See :func:`protobufServer` on how to tune the source address logged in ``Protobuf`` messages.
-.. function:: addProxyMapping(subnet, ip)
+.. function:: addProxyMapping(subnet, ip [, domains])
.. versionadded:: 4.7.0
:param string subnet: a subnet to match
:param string ip: the IP address or IPaddress port combination to match the subnet to.
+ :param array domains: An array of strings used to fill a :ref:`dns-suffix-match-group`.
+If this ``domains`` argument is given to this function, only queries for names matching the :ref:`dns-suffix-match-group` will use the value ``M`` to determine the outgoing ECS, other queries will use the value ``S``.
+The ACL check will be done against the mapped address ``M`` for all queries, independent of the name queried.
+If the ``domains`` argument is absent, no extra condition (apart from matching the subnet) aplies to determine the outgoing ECS value.
:param string name: The name to compare to
-DNS Suffix Match Groups
------------------------
+.. _dns-suffix-match-group:
+
+DNS Suffix Match Group
+----------------------
-The :func:`newDS` function creates a "Suffix Match group" that allows fast checking if a :class:`DNSName` is part of a group.
+The :func:`newDS` function creates a ``DSN Suffix Match Group`` that allows fast checking if a :class:`DNSName` is part of a group.
This could e.g. be used to answer questions for known malware domains.
To check e.g. the :attr:`dq.qname` against a list:
.. function:: newDS() -> DNSSuffixMatchGroup
- Creates a new DNS Suffix Match Group.
+ Creates a new ``DNS Suffix Match Group``.
.. class:: DNSSuffixMatchGroup
This class represents a group of DNS names that can be used to quickly compare a single :class:`DNSName` against.
.. method:: DNSSuffixMatchGroup:add(domain)
+ DNSSuffixMatchGroup:add(dnsname)
DNSSuffixMatchGroup:add(domains)
- Add one or more domains to the Suffix Match Group.
+ Add one or more domains to the ``DNS Suffix Match Group``.
:param str domain: A domain name to add
- :param {str} domain: A list of Domains to add
+ :param DNSName dnsname: A dnsname to add
+ :param {str} domains: A list of domain names to add
- .. method:: DNSSuffixMatchGroup:check(domain) -> bool
+ .. method:: DNSSuffixMatchGroup:check(dnsname) -> bool
- Check ``domain`` against the Suffix Match Group.
- Returns true if it is matched, false otherwise.
+ Check ``dnsname`` against the ``DNS Suffix Match Group``.
+ Returns ``true`` if it is matched, ``false`` otherwise.
- :param DNSName domain: The domain name to check
+ :param DNSName dnsname: The dnsname to check
.. method:: DNSSuffixMatchGroup:toString() -> str
- Returns a string of the set of suffixes matched by the Suffix Match Group
+ Returns a string of the set of suffixes matched by the ``DNS Suffix Match Group``.
projects / thirdparty / pdns.git / commitdiff
