From 117a389e40832cdbee69bd9daa04ca35611082ff Mon Sep 17 00:00:00 2001
From: George Shammas <georgyo@gmail.com>
Date: Mon, 1 Feb 2021 09:52:23 -0500
Subject: plugin/acl: add the ability to filter records (#4389)

Currently ACLs only allow for allow and block, however it isn't
always desirable to set the status code to REFUSED. Often times
you want to completely hide the fact that those records even exist.

Adding the ability to acl to filter results makes it significantly
harder for a third party to know that the records are being masked.

Signed-off-by: George Shammas <george@shamm.as>
---
 plugin/acl/metrics.go | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'plugin/acl/metrics.go')

diff --git a/plugin/acl/metrics.go b/plugin/acl/metrics.go
index b0357cab1..76f30b5a6 100644
--- a/plugin/acl/metrics.go
+++ b/plugin/acl/metrics.go
@@ -15,6 +15,13 @@ var (
 		Name:      "blocked_requests_total",
 		Help:      "Counter of DNS requests being blocked.",
 	}, []string{"server", "zone"})
+	// RequestFilterCount is the number of DNS requests being filtered.
+	RequestFilterCount = promauto.NewCounterVec(prometheus.CounterOpts{
+		Namespace: plugin.Namespace,
+		Subsystem: pluginName,
+		Name:      "filtered_requests_total",
+		Help:      "Counter of DNS requests being filtered.",
+	}, []string{"server", "zone"})
 	// RequestAllowCount is the number of DNS requests being Allowed.
 	RequestAllowCount = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: plugin.Namespace,
-- 
cgit v1.2.3