How to configure client whitelist

[liang-hiwin]

I want to configure that only IPs that comply with CIDR can use dns.

[folbricht]

That seems straightforward, like in https://github.com/folbricht/routedns/blob/master/cmd/routedns/example-config/client-blocklist-drop.toml Just need to set resolver to something that blocks, and blocklist-resolver to something that forwards the query.

[liang-hiwin]

That seems straightforward, like in https://github.com/folbricht/routedns/blob/master/cmd/routedns/example-config/client-blocklist-drop.toml Just need to set resolver to something that blocks, and blocklist-resolver to something that forwards the query.

I need a whitelist IP list, such as building a dns server whitelisted IP or a whitelisted country IP before I can use it.

[folbricht]

If you need to block/allow responses based on geo location, there's an example in https://github.com/folbricht/routedns/blob/master/cmd/routedns/example-config/response-blocklist-geo.toml#L8 Or if you want to block clients based on location you can look at https://github.com/folbricht/routedns/blob/master/cmd/routedns/example-config/client-blocklist-geo.toml

[liang-hiwin]

If you need to block/allow responses based on geo location, there's an example in https://github.com/folbricht/routedns/blob/master/cmd/routedns/example-config/response-blocklist-geo.toml#L8 Or if you want to block clients based on location you can look at https://github.com/folbricht/routedns/blob/master/cmd/routedns/example-config/client-blocklist-geo.toml

I want to implement a function similar to nginx. For example

allow 1.1.8.0/24; allow 1.1.8.0/24; allow 1.116.0.0/15; ..... deny all;

[cbuijs]

It can be done like this:

[groups.client-allowlist]
type = "client-blocklist"
resolvers = ["deny-client"]
blocklist-resolver = "allow-client"
blocklist = [
  '1.1.8.0/24',
  '1.116.0.0/15',
]