search

PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0
3.7k stars 908 forks source link

support exact (non-suffix) matching in newDS #4949

Open Habbie opened 7 years ago

Habbie commented 7 years ago

Short description

Currently if you put example.com in a Domain Suffix object, this will match example.com and everything under it. We should also support matching -just- example.com.

Usecase

Blocklists tend to come with two flavours of domains - either 'block everything inside this domain' or 'block this exact domain'. I want to do both in a single newDS without also having a Lua table for the exact matches.

Description

myDS:add should perhaps grow a boolean that, if true, defines the domain as exactly matching, or we add another method. I suggest augmenting toString() to put a . in front of every domain that is NOT exactly matched.

wojas commented 7 years ago

Changing toString() for all the current lists might break existing code. Another option would be to use something like =example.com for exact matches and keep the behavior of example.com. newDS would first have to check for =example.com, then example.com.

Instead of = we could also use ^, which probably makes it easier to add these to config files.

Habbie commented 7 years ago

I'm not worried about toString() breaking existing code, it wasn't meant for program consumption. I like ^ indeed.