aboutsummaryrefslogtreecommitdiff
path: root/plugin/acl/acl.go
diff options
context:
space:
mode:
Diffstat (limited to 'plugin/acl/acl.go')
-rw-r--r--plugin/acl/acl.go7
1 files changed, 7 insertions, 0 deletions
diff --git a/plugin/acl/acl.go b/plugin/acl/acl.go
index 7d7b9d600..263232632 100644
--- a/plugin/acl/acl.go
+++ b/plugin/acl/acl.go
@@ -49,6 +49,8 @@ const (
actionBlock
// actionFilter returns empty sets for queries towards protected DNS zones.
actionFilter
+ // actionDrop does not respond for queries towards the protected DNS zones.
+ actionDrop
)
var log = clog.NewWithPlugin("acl")
@@ -67,6 +69,11 @@ RulesCheckLoop:
action := matchWithPolicies(rule.policies, w, r)
switch action {
+ case actionDrop:
+ {
+ RequestDropCount.WithLabelValues(metrics.WithServer(ctx), zone, metrics.WithView(ctx)).Inc()
+ return dns.RcodeSuccess, nil
+ }
case actionBlock:
{
m := new(dns.Msg).
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-05 04:07:49 +0000