From cc389e95e38ce84f808b4d45256f1f6c307765aa Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 6 Feb 2023 21:36:06 +0100 Subject: [PATCH] Document support of comma-separated query types in the regex extension ;querytype=A,AAAA. Furthermore, be a bit more explicit about what OTHER means in which context. Signed-off-by: DL6ER --- docs/database/ftl.md | 4 +++- docs/regex/pi-hole.md | 8 +++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/database/ftl.md b/docs/database/ftl.md index db4d2f7..ab1eecc 100644 --- a/docs/database/ftl.md +++ b/docs/database/ftl.md @@ -103,10 +103,12 @@ ID | Resource Record (a.k.a. query type) 11 | `RRSIG` 12 | `DNSKEY` 13 | `NS` -14 | `OTHER` (any query type not covered elsewhere) +14 | `OTHER` (any query type not covered elsewhere, but see note below) 15 | `SVCB` 16 | `HTTPS` +Any other query type will be stored with an offset of 100, i.e., `TYPE66` will be stored as `166` in the database (see [pi-hole/FTL #1013](https://github.com/pi-hole/FTL/pull/1013)). This is done to allow for future extensions of the query type list without having to change the database schema. The `OTHER` query type is deprecated since Pi-hole FTL v5.4 (released Jan 2021) and not used anymore. It is kept for backwards compatibility. Note that `OTHER` is still used for the [regex extension `querytype=`](../regex/pi-hole.md#querytype) filter and used for all queries not covered by the above list. + ### Supported status types ID | Status | | Details diff --git a/docs/regex/pi-hole.md b/docs/regex/pi-hole.md index b1691ee..e2a37ae 100644 --- a/docs/regex/pi-hole.md +++ b/docs/regex/pi-hole.md @@ -2,7 +2,7 @@ ## Only match specific query types -You can amend the regular expressions by special keywords added at the end to fine-tine regular expressions to match only specific [query types](../database/ftl.md#supported-query-types). +You can amend the regular expressions by special keywords added at the end to fine-tine regular expressions to match only specific [query types](../database/ftl.md#supported-query-types). In contrast to the description of `OTHER` as being deprecated for storing queries in the database, it is still supported for regular expressions and will match all queries that are not *explicitly* covered by the other query types (see also example below). Example: @@ -38,6 +38,12 @@ Some user-provided examples are: A regex blacklist entry to block `ANY` request network wide. +- `.*;querytype=OTHER` + + A regex blacklist entry to block `OTHER` request network wide. This rule will match, for instance, proprietary DNS requests using custom query types in the reserved range or queries for seldom used DNS record types like `IXFR` or `AXFR`. + +Note that multiple (comma-separated) query types can be specified at the same time, e.g., `.*;querytype=A,AAAA` will match both `A` and `AAAA` requests. In a similar fashion, an inverted (`!` modifier) list, e.g., `.*;querytype=!A,AAAA` will match everything *except* `A` and `AAAA` requests. + ## Invert matching Sometimes, it may be useful to be able to invert a regular expression altogether. Hence, we added the keyword `;invert` to achieve exactly this.