5.7.4. Class DNSMatcher

DNSMatcher retrieves the IP addresses of domain names. This can be used in domain name based policy decisions, for example to allow encrypted connections only to trusted e-banking sites.

DNSMatcher operates as follows: it resolves the IP addresses stored in the list of domain names using the specified Domain Name Server, and compares the results to the IP address of the connection (i.e., the IP address of the server or the client). The matcher returns a true value if the IP addresses resolved from the list of domain names include the IP address of the connection.

Example 5.24. DNSMatcher example

Example 5.24. DNSMatcher example
The following DNSMatcher class uses the `dns.example.com` name server to resolve the `example2.com` and `example3.com` domain names. MatcherPolicy(name="ExampleDomainMatcher", matcher=DNSMatcher(server="dns.example.com", hosts=("example2.com", "example3.com")))

The following DNSMatcher class uses the dns.example.com name server to resolve the example2.com and example3.com domain names.

MatcherPolicy(name="ExampleDomainMatcher", matcher=DNSMatcher(server="dns.example.com", hosts=("example2.com", "example3.com")))

Previous	Up	Next
	Home

Zorp GPL 7 Reference Guide

5.7. Module Matcher

5.7.4. Class DNSMatcher