0xERR0R/blocky

Conditional groups

p3lim opened this issue · 4 comments

In both upstreams and blocking we can define rules ("groups") for which source hits which resolver/blocklist, but this is not a thing for conditional.

I would like to, as an example, not allow my guest network to resolve my internal authoritative server, only upstreams and/or blocking.

An example wishful configuration (not a direct proposal):

upstreams:
  groups:
    default:
      - 1.1.1.1
    192.168.0.0/24: # my guest network
      - 1.1.1.2
blocking:
  ...
  clientGroupsBlock:
    default:
      - ads
      - gambling
    192.168.0.0/24: # my guest network
      - ads
conditional:
  mapping:
    my.internal.domain: 10.0.0.5 # my internal authoritative dns
    exposed-service.my.internal.domain: 10.0.0.5 # specific service that guests can query
  clientGroups:
    default:
      - my.internal.domain
    192.168.0.0/24: # my guest network does not get to query my entire domain
      - exposed-service.my.internal.domain

In cases where you wouldn't want a client to reach any mappings it could be an empty list, e.g.:

clientGroups:
  ...
  192.168.0.0/24: []

This should be optional, both for brevity in the config and for backwards compatibility.
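One way the per-client gate sketched in this issue could be evaluated, as an added example that is not part of the original issue and not blocky's own code. `clientGroups`, `groupFor` and `resolverFor` are hypothetical names, and the semantics are assumptions: the most specific matching CIDR wins, other clients get `default`, zones match by suffix, and an unset (nil) `clientGroups` keeps every mapping available.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed sample data mirroring the wishful configuration in the issue.
var mapping = map[string]string{
	"my.internal.domain":                 "10.0.0.5",
	"exposed-service.my.internal.domain": "10.0.0.5",
}
var clientGroups = map[string][]string{ // hypothetical option, not in blocky
	"default":        {"my.internal.domain"},
	"192.168.0.0/24": {"exposed-service.my.internal.domain"},
}

// groupFor returns the zones of the most specific CIDR group containing client, else "default".
func groupFor(groups map[string][]string, client netip.Addr) map[string]bool {
	best, bestBits := "default", -1
	for key := range groups {
		if p, err := netip.ParsePrefix(key); err == nil && p.Contains(client) && p.Bits() > bestBits {
			best, bestBits = key, p.Bits()
		}
	}
	allowed := map[string]bool{}
	for _, zone := range groups[best] {
		allowed[zone] = true
	}
	return allowed
}

// resolverFor returns the conditional resolver for qname, or "" to fall through to upstreams.
func resolverFor(groups map[string][]string, mapping map[string]string, client netip.Addr, qname string) string {
	qname = strings.ToLower(strings.TrimSuffix(qname, "."))
	allowed, bestZone := groupFor(groups, client), ""
	for zone := range mapping {
		permitted := groups == nil || allowed[zone] // nil: option unset, old behaviour
		if permitted && (qname == zone || strings.HasSuffix(qname, "."+zone)) && len(zone) > len(bestZone) {
			bestZone = zone
		}
	}
	return mapping[bestZone]
}

func main() {
	fmt.Printf("%q\n", resolverFor(clientGroups, mapping, netip.MustParseAddr("192.168.0.23"), "nas.my.internal.domain."))
}
```

The gate filters zones before the longest-suffix match, so a guest query for a name under `my.internal.domain` that is not the exposed service falls through to the normal upstreams instead of reaching the internal server.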

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.

Not stale

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.

Not stale, I think I might write up a PR for this... it would be my first time writing Go though, so it's gonna take a while to get something decent