Is it possible to have wildcards domains in the middle of a domain name using response policy zones? For example s3.*.amazonaws.com.
If this is not possible, is there a technology, that can do this?
Asked
Active
Viewed 890 times
1 Answers
1
To my knowledge the QNAME trigger in RPZ has the same wildcard semantics as DNS in general. Ie, it's only when it's specifically the left-most label that is * that the asterisk is considered a wildcard.
With RPZ out of the picture, I don't believe there is any standardized interface that does what you ask for, however some DNS server implementations provide some form of implementation-specific policy framework or generic scripting capability.
Here follows some examples of starting points for solutions based on popular free software (not an exhaustive list, consider these a handful of illustrative examples).
Using some form of policy framework:
- Dnsdist's RegexRule
- Knot Resolver's query policies (
pattern)
More low-level solutions based on query interception with generic scripting interfaces:
- Powerdns Recursor's Lua scripting interface
- Unbound's python module interface (eg their resmod example)
Håkan Lindqvist
- 35,011
- 5
- 69
- 94
-
Thanks for the exhaustive answer. – stena Jun 03 '19 at 19:40