<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 10/20/2014 9:40 AM, Ciro Iriarte wrote:<br>
<blockquote
cite="mid:CAEaLa5Fj6SOZUXmRGx_ZF7JtwtP2QO9t8ETrNO=poyA7GWa0AA@mail.gmail.com"
type="cite">
<pre wrap="">2014-10-17 13:35 GMT-03:00 <a class="moz-txt-link-abbreviated" href="mailto:ktm@rice.edu">ktm@rice.edu</a> <a class="moz-txt-link-rfc2396E" href="mailto:ktm@rice.edu"><ktm@rice.edu></a>:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Hi Ciro,
We used a CDB key value store. It was easy to use/update and had
very good performance. "grepping" is O(n*n) so it will tank as
your list grows and you really don't want to slow down your DNS
lookups.
Regards,
Ken
</pre>
</blockquote>
<pre wrap="">
Hi Ken, I'll look at the LUA+CDB mix given it seems more elegant, any
document specific for PDNS you can point me to?
Regards,!
</pre>
</blockquote>
<pre wrap="">
Hi,
No PDNS specific documentation, we used the CDB map to allow the
blacklist to be update without needing to restart the recursor
and lose all the cached DNS lookups. We wrote a function similar
to the example Lua script using a CDB map instead.
Regards,
Ken
</pre>
</blockquote>
<pre wrap="">
Hi Ken!, would you be willing to publish/share your implementation?.
Having two different rules (two groups, each group with different
answers), do you think it's best to use two scripts?, or just push
more data to the CDB (A record expected + answer) and use one script?
Regards,</pre>
</blockquote>
<br>
I've been looking for a way to do this as well. I would think that
a separate pdns instance on a different server than your main dns
would do the trick or have one bound to one address and a second
instance bound to another using separate databases. I tried setting
up a zone and delegating it to the current DNS and that doesn't
work. It's an interesting problem. Currently I'm using iptables on
my mail servers, but that get's unwieldy and unmanageable in a
hurry. I've also done it with spamassassin rules, but that also
get's to be unmanageable, too.<br>
<br>
--Curtis<br>
<br>
<br>
<blockquote
cite="mid:CAEaLa5Fj6SOZUXmRGx_ZF7JtwtP2QO9t8ETrNO=poyA7GWa0AA@mail.gmail.com"
type="cite">
<pre wrap="">
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
Curtis Maurand<br>
<a href="mailto:curtis@maurand.com">curtis@maurand.com</a><br>
207-252-7748</div>
</body>
</html>