FW: closest match algorithm in play?

[Randall Diffenderfer]

a little more experimentation...

the below isn't quite correct.  it actually produces desired results.  it doesn't if the datasets are separated in the combined zone.

[test.zone]

$DATASET ip4trie:test test
10.10.10.0/24 :127.0.0.24

... other stuff...

$DATASET ip4trie:test test
10.10.0.0/16 :127.0.0.16

now i do match "both" of these dataset entries.

bottom line seems to be that unlike a dataset should be a self contained zone, unlike the command line where we can add any number of files to build up a zone


On 3/4/19, 12:19, "Randall Diffenderfer" <rdiffenderfer@proofpoint.com> wrote:

    i get multiple records from a query where i have zones that overlap.  somehow i had gotten the impression that "best match" was in play?  is that not the case?  how do i achieve a "sieve" effect here?
    
    in a combined dataset:
    
    rbldnsd example.com:combined:test.zone
    
    [test.zone]
    
    $DATASET ip4trie:test test
    
    10.10.10.0/24 :127.0.0.24
    10.10.0.0/16 :127.0.0.16
    
    given a query "1.1.10.10.test.example.com", i'd expect to see "127.0.0.16"
    given a query "1.10.10.10.test.example.com", i'd expect to see "127.0.0.24", but i get both records back.  huh?
    
    admittedly, it does match both zones, but i really just want the more "exact" match.