117a389e40
Currently ACLs only allow for allow and block, however it isn't always desirable to set the status code to REFUSED. Often times you want to completely hide the fact that those records even exist. Adding the ability to acl to filter results makes it significantly harder for a third party to know that the records are being masked. Signed-off-by: George Shammas <george@shamm.as>
32 lines
1.1 KiB
Go
32 lines
1.1 KiB
Go
package acl
|
|
|
|
import (
|
|
"github.com/coredns/coredns/plugin"
|
|
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
"github.com/prometheus/client_golang/prometheus/promauto"
|
|
)
|
|
|
|
var (
|
|
// RequestBlockCount is the number of DNS requests being blocked.
|
|
RequestBlockCount = promauto.NewCounterVec(prometheus.CounterOpts{
|
|
Namespace: plugin.Namespace,
|
|
Subsystem: pluginName,
|
|
Name: "blocked_requests_total",
|
|
Help: "Counter of DNS requests being blocked.",
|
|
}, []string{"server", "zone"})
|
|
// RequestFilterCount is the number of DNS requests being filtered.
|
|
RequestFilterCount = promauto.NewCounterVec(prometheus.CounterOpts{
|
|
Namespace: plugin.Namespace,
|
|
Subsystem: pluginName,
|
|
Name: "filtered_requests_total",
|
|
Help: "Counter of DNS requests being filtered.",
|
|
}, []string{"server", "zone"})
|
|
// RequestAllowCount is the number of DNS requests being Allowed.
|
|
RequestAllowCount = promauto.NewCounterVec(prometheus.CounterOpts{
|
|
Namespace: plugin.Namespace,
|
|
Subsystem: pluginName,
|
|
Name: "allowed_requests_total",
|
|
Help: "Counter of DNS requests being allowed.",
|
|
}, []string{"server"})
|
|
)
|